"The Mini Shai-Hulud campaign does not work the way most supply chain attacks do because, rather than stealing a developer's credentials and publishing directly, the attacker forks a target repository on GitHub, opens a pull request that triggers a `pull_request_target` workflow. This poisons the GitHub Actions cache with a malicious pnpm store, and from that point, the infected packages carry valid signed certificates and pass SLSA provenance checks, making them appear completely clean to standard security tooling."
"On May 19, the latest wave struck the AntV data visualization ecosystem as attackers gained access to a compromised maintainer account in the @atool namespace and published more than 300 malicious package versions across 323 packages in a 22-minute automated burst. Among the affected packages is echarts-for-react, a React wrapper for Apache Echarts with roughly 1.1 million weekly downloads. The collective weekly download count across all affected packages in this wave is estimated at around 16 million."
"The most alarming technical detail is what happens if a developer tries to intervene. The malware installs a dead-man's switch, i.e., a shell script that polls GitHub's API every 60 seconds to check whether the npm token it created has been revoked. That token carries the description IfYouRevokeThisTokenItWillWipeTheComputerOfTheOwner, which, if revoked by a developer, immediately wipes the infected machine's home directory."
"GitHub responded May 20 with staged publishing, bulk OIDC onboarding, and a plan to deprecate legacy npm tokens. The response aims to reduce the ability for attackers to abuse token-based publishing paths and to move publishing workflows toward OpenID Connect-based authentication."
Attackers used a forked repository and a pull_request_target workflow to poison the GitHub Actions cache with a malicious pnpm store. The resulting builds produced packages carrying valid signed certificates and SLSA provenance, making them appear clean to standard security tooling. A wave on May 19 targeted the AntV data visualization ecosystem by compromising a maintainer account in the @atool namespace and publishing 300+ malicious versions across 323 packages in about 22 minutes. The affected packages included echarts-for-react, with about 1.1 million weekly downloads, and the total weekly downloads across affected packages were estimated at around 16 million. The malware installed a dead-man’s switch that polled GitHub’s API every 60 seconds to detect npm token revocation and wipe the developer’s home directory immediately. GitHub responded on May 20 with staged publishing, bulk OIDC onboarding, and a plan to deprecate legacy npm tokens.
Read at news.bitcoin.com
Unable to calculate read time
Collection
[
|
...
]