New Shai-Hulud worm spreading via npm, GitHub

Shai-Hulud first emerged in September, revealed by the invention that dozens of npm libraries, together with a coloration library with over 2 million downloads per week, had been changed with malicious variations.

The preliminary Shai-Hulud wave was already one of the crucial extreme JavaScript supply-chain assaults Wiz has seen, Merav Bar, an organization menace researcher and co-author of the report advised CSO. “This new wave is larger and sooner: greater than 25,000 attacker-created repos throughout roughly 350 GitHub customers, rising by about 1,000 repos each half-hour, with malware that steals developer and cloud credentials and runs within the preinstall part, touching dev machines and CI/CD pipelines alike. That mixture of scale, pace, and entry makes it a high-impact marketing campaign.”

Assume compromise

If a person had pulled any of the affected packages through the November 21–23 window, she stated, they need to assume their atmosphere is uncovered. Cures embody clearing the npm cache on their workstation, eradicating node_modules, reinstalling from clear variations, or pinning to variations revealed earlier than the malicious releases, and rotating any tokens or secrets and techniques that have been current (GitHub PATs, npm tokens, SSH keys, cloud credentials).

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles