Can We Talk About This Now? Shai-Hulud Wave 2 Targeting npm
Back in September 2025, we published a blog post titled “The NPM Worm That No One’s Talking About—But Everyone Should Be”. In that post, we raised the alarm about the first wave of Shai-Hulud, a self-propagating malware targeting the npm ecosystem.
At the time, we warned that this attack was a harbinger for future supply chain crises, with attackers developing increasingly sophisticated tactics to exploit open-source ecosystems.
Unfortunately, Wave 1 didn’t get the attention it deserved. The focus was narrow, primarily on big-name brands like CrowdStrike, rather than on the systemic vulnerabilities that Shai-Hulud exposed.
Now, just a few months later, Wave 2 has arrived, and it’s even more destructive.
Wave 1 vs. Wave 2: A Side-by-Side Comparison
Here’s a quick side-by-side look at what’s changed:
| Category | Wave 1 (September 2025) | Wave 2 (November 2025) |
|---|---|---|
| Scope and Scale | Targeted a smaller number of npm packages, with limited spread and slower infection rates. | Affected 25,000+ repositories, with 1,000 new infections every 30 minutes: faster and broader. |
| Attack Techniques | Injected malicious code into npm packages to steal credentials using TruffleHog. | Used a setup_bun.js preinstall script to execute malicious payloads such as bun_environment.js. |
| Key Objectives | Focused solely on credential theft (e.g., npm tokens, secrets, cloud credentials). | Combined credential theft with punitive sabotage (e.g., wiping home directories if theft failed). |
| Propagation | Relied on compromised maintainer accounts to push malicious npm packages. | Introduced self-replicating malware, infecting additional npm packages owned by the same maintainers. |
| Destructive Behavior | No destructive actions; focused only on stealing credentials and propagating malware. | Included wiper functionality, destroying entire home directories if exfiltration failed. |
| Privilege Escalation | No advanced privilege escalation methods. | Used Docker commands to gain root access by modifying the sudoers file for passwordless control. |
| Persistence Mechanisms | Relied on compromised accounts and malicious npm packages for propagation. | Leveraged GitHub workflows (e.g., discussion.yaml) and self-hosted runners to execute arbitrary commands. |
| Tradecraft Evolution | Referenced Shai-Hulud techniques, but with less sophistication. | Showed advanced tactics, combining sabotage, privilege escalation, and persistence, indicating higher expertise. |
| Scale of Impact | Limited to a smaller number of repositories, with fewer downstream effects. | Impacted thousands of repositories at scale, affecting 350+ unique users and critical downstream projects. |
| Mitigation Complexity | Easier to mitigate through credential rotation and repository audits. | Harder to mitigate due to destructive capabilities, faster spread, and advanced persistence mechanisms. |
| Recommendations | Preemptive cyber defense (Advanced Deception, Automated Moving Target Defense, Adaptive Exposure Management); rotate credentials, audit repositories, and monitor npm package behavior. | Preemptive cyber defense (Advanced Deception, Automated Moving Target Defense, Adaptive Exposure Management); add pre-execution runtime protection, scan for malicious workflows, and restrict Docker privileges. |
The highlights:
- Wave 1 primarily focused on credential theft and propagation, while Wave 2 escalated to include destruction, faster spread, and privilege escalation.
- The evolution in tactics highlights the increasing sophistication of attackers and the need for proactive, prevention-first defenses.
What We Warned About in Wave 1
In September, we highlighted key risks associated with Shai-Hulud’s first wave, including:
- Autonomous Spread: Shai-Hulud is a self-replicating worm, capable of embedding itself across interconnected open-source libraries without user action.
- Credential Theft: The malware exfiltrated sensitive developer credentials, such as npm tokens, GitHub credentials, and AWS keys, turning them into long-term vulnerabilities.
- Supply Chain Crisis: The worm exploited the trust model of open-source ecosystems, weaponizing dependency chains to propagate silently through critical software pipelines.
- CI/CD Hijacking: By injecting malicious scripts into GitHub Actions, Shai-Hulud gained access to build environments, potentially compromising production deployments at scale.
- Lack of Awareness: Despite its massive implications, the attack received limited attention, with media coverage focusing narrowly on CrowdStrike rather than the broader risks to the software supply chain.
We explicitly warned that this was not just another open-source incident. It was a wake-up call that the cybersecurity community needed to address urgently.
What’s Different in Wave 2?
The second wave of Sha1-Hulud builds directly on the tactics used in Wave 1 but introduces more aggressive and destructive behaviors, including:
- Punitive Sabotage:
  - If the malware fails to steal credentials or establish persistence, it triggers wiper functionality, destroying the victim’s entire home directory.
  - This marks a shift from pure credential theft to punitive destruction, significantly raising the stakes.
- Faster Propagation:
  - Wave 2 has expanded its reach to 25,000+ repositories, infecting 1,000 new repositories every 30 minutes, a dramatic escalation in scale and speed.
- Privilege Escalation:
  - Attackers now use Docker commands to gain root access, modifying the sudoers file to grant themselves passwordless control over compromised systems.
- Advanced Persistence:
  - Wave 2 leverages GitHub workflows and self-hosted runners, allowing attackers to execute arbitrary commands and maintain persistence in infected repositories.
Why Supply Chains Are Prime Targets
Open-source ecosystems like npm are inherently vulnerable to supply chain attacks because of their widespread use and implicit trust. Attackers recognize that compromising a single package can have ripple effects across thousands of downstream projects.
- Wave 1: Focused on stealing credentials, exfiltrating secrets, and leveraging dependency chains to propagate malicious code.
- Wave 2: Introduced destructive behaviors, self-replication, and privilege escalation, making the attack significantly harder to detect and mitigate.
This evolution highlights the growing professionalization of attackers and the urgent need for proactive defenses to protect development pipelines.
What Organizations Must Do Now
To protect against the escalating threat of Shai-Hulud, organizations must adopt a proactive, prevention-first approach. Here are some steps your team can take to mitigate risk:
- Scan for Compromised Packages:
  - Audit systems and repositories for impacted npm packages.
  - Look for suspicious workflows in .github/workflows/, such as shai-hulud-workflow.yml.
- Rotate Credentials and Tokens:
  - Immediately rotate npm tokens, GitHub tokens, and cloud provider credentials (AWS, Azure, GCP).
- Deploy Pre-Execution Defenses:
  - Use runtime protection tools like Morphisec’s AMTD to block malicious scripts before they execute.
- Monitor for Persistence Mechanisms:
  - Audit repositories for unexpected branches or workflows attackers may use to establish persistence.
- Enforce Least Privilege Access:
  - Limit access to secrets and ensure sensitive credentials are stored securely.
Final Thoughts: Can We Talk About This Now?
The second wave of Sha1-Hulud proves what we warned about in September: supply chain attacks are becoming faster, stealthier, and more destructive. It’s no longer enough to focus on detection and response; organizations need preemptive defenses that stop these threats before they can execute.
At Morphisec, we specialize in protecting software development pipelines through solutions like Advanced Deception using Automated Moving Target Defense (AMTD), which prevents malicious scripts from executing in the first place.
The question now is not if these attacks will escalate further; it’s how prepared your organization is to stop them.
Let’s secure your supply chain today. Book a personalized demo to see Morphisec in action.