
"Dubbed "Shai-Hulud," the malicious software is designed to slip into developer machines through the JavaScript repository "Node Package Manager" (NPM), a widely used database of software modules and coding tools. According to Krebs, once the malware nabs credentials from an infested computer, it publishes its finds to a public file on GitHub, which includes the name "Shai-Hulud" - the mythic sandworm from Frank Herbert's 1965 sci-fi novel "Dune.""
"What makes Shai-Hulud particularly devastating is that every time an unsuspecting developer installs an infected module from NPM, the worm searches their system for "access tokens" - a way to download NPM content without a username or password - and infects the 20 most popular packages associated with that person's account. "This creates a cascading effect where an infected package leads to compromised maintainer credentials, which in turn infects all other packages maintained by that user," said StepSecurity researcher Ashish Kurmi."
A novel self-replicating worm named Shai-Hulud infected dozens of Node Package Manager (NPM) modules, compromising developer credentials and propagating across projects. When a developer installs an infected module, the malware steals NPM access tokens from the compromised machine, publishes the harvested credentials to a public GitHub file, and uses the stolen tokens to push malicious updates into the 20 most popular packages tied to the affected maintainer's account, so a single infected package cascades into every other package that maintainer controls. At least 187 NPM modules were affected, including 25 packages managed via CrowdStrike. The worm targets Linux and Mac systems and deliberately skips Windows. NPM and CrowdStrike removed the infected packages.
Read at Futurism