The first copycats of the Shai-Hulud worm have already started showing up online, only a few days after the malware’s source code was dumped on GitHub. Researchers had warned this would happen almost immediately, and they were right.
According to cybersecurity firm Ox Security, at least one threat actor is already using modified versions of the worm in attacks against NPM developers.
Shai-Hulud first appeared back in September 2025 during a series of supply chain attacks targeting the open source ecosystem. The malware resurfaced a few months later, compromising hundreds of NPM packages and potentially affecting thousands of developers. Its main purpose was straightforward: steal credentials, tokens, API keys, and other secrets from infected machines, then use those credentials to spread further by pushing malicious updates through compromised maintainer accounts.
Things escalated earlier this year when researchers connected the malware to TeamPCP, the group tied to several attacks against the open source community, including incidents involving Trivy, Bitwarden, Checkmarx, SAP, and TanStack.
Then came the turning point: TeamPCP briefly uploaded repositories containing the full Shai-Hulud source code to GitHub. Around the same time, posts appeared on BreachForums encouraging people to reuse the malware and launch their own supply chain campaigns.
Ox Security spotted a threat actor that has already published four malicious NPM packages, including a direct clone of Shai-Hulud called “chalk-tempalte.” The clone is simpler than the original version and doesn’t even try particularly hard to hide itself, but the core behavior is still there.
“The chalk-tempalte npm package contains a clone of the Shai-Hulud open source which was published last week in GitHub. The actor took the code, and almost without any change at all – uploaded a working version with its own C2 server and private key into npm,” reads the report published by Ox Security. “By analyzing the malware’s source code, the same patterns from previous Shai-Hulud attacks are immediately recognizable, as expected. This includes uploading stolen credentials to a new GitHub repository.”
The attacker also used typo-squatting tricks to target developers searching for Axios-related packages. Some of the malicious packages imitate legitimate utilities closely enough that a distracted developer could install them without noticing the difference.
One package reportedly goes beyond credential theft and attempts to pull infected systems into a DDoS botnet, which suggests the actor is experimenting with multiple monetization paths instead of relying only on stolen developer secrets.
According to the experts, the four identified packages had already accumulated more than 2,600 weekly downloads before being detected.
What’s worrying is not only the malware itself, but how fast others could reuse it once the code was exposed. A threat that was already dangerous for skilled actors has now become much easier for less capable ones to deploy.
“Threat actors are getting even more motivated to conduct supply chain and typo-squatting, as attacks become easier to perform with the Shai-Hulud code becoming open source,” concludes the report. “We’re now seeing a single actor with multiple techniques and infostealer types spreading malicious code onto NPM. It’s just the first phase of an upcoming wave of supply chain attacks coming.”
Modern software development relies heavily on third-party dependencies, often installed without close review, which creates supply chain risk if malicious code enters trusted repositories.
The release of the Shai-Hulud source code has worsened the threat by making a powerful attack tool reusable and easy to modify, even for less skilled actors. Researchers therefore expect copycat campaigns to grow quickly.
Defenders are urged to monitor dependency updates, watch for suspicious or typo-squatted packages, and better secure developer tokens and CI/CD credentials, which are common attacker targets.
“We’re seeing more and more vibe coded malware being spread on npm, each variant collecting different types of data and used for different purposes, from location information, sensitive repositories, Cloud credentials, and even a DDoS botnet all from the same npm account,” concludes the report.