Shai-Hulud Is Back, and This Time It Ate the Whole Ecosystem

[carlospolop]

🤖 Automated Content Update

This PR was automatically generated by the HackTricks News Bot based on a technical blog post.

📝 Source Information

• Blog URL: https://trustedsec.com/blog/shai-hulud-is-back
• Blog Title: Shai-Hulud Is Back, and This Time It Ate the Whole Ecosystem
• Suggested Section: Pentesting CI/CD -> Github Security -> Abusing Github Actions; potentially a new subsection for npm/package-manager supply-chain lifecycle-hook attacks and CI runner secret scraping

🎯 Content Summary

TrustedSec analyzes a renewed Shai-Hulud npm supply-chain worm campaign published on May 21, 2026. The campaign compromised the npm account atool, which owns the popular timeago.js package, estimated in the post at around 1.5 million weekly downloads, and publishes across a large portion of Alibaba AntV’s @AntV namespace. The blast radius is described as 300+ poisoned npm packages🔧 Technical Details

npm lifecycle-hook supply-chain execution: If an attacker compromises a maintainer account or package publication pipeline, they can publish a malicious package version containing preinstall or postinstall scripts. npm executes these lifecycle hooks automatically during npm install, before the consuming application code runs. In this campaign the hook executed node -e "require('./.build/preinstall.js')", loading an obfuscated JavaScript payload from .build/preinstall.js. Defensively, treat install scripts as code execution and block them by default where possible.

Bypassing CI secret masking with process-memory scraping: CI platforms may redact secrets from logs, but secrets can still reside in process memory. Malware running on the same runner can inspect /proc/self/maps to identify mapped heap ranges, use /proc/[pid]/cmdline to locate interes...

🤖 Agent Actions

Done.

Updated:

• src/pentesting-ci-cd/github-security/abusing-github-actions/README.md

Added:

• procfs-based GitHub Actions runner secret scraping
• GitHub Contents API dead-drop exfiltration
• NODE_OPTIONS preload persistence via VS Code / Claude config
• hunting/containment commands
• hardening notes for npm/pnpm lifecycle-hook supply-chain abuse

Validation:

• file structure checked
• references updated at the end
• mdbook build couldn't run because mdbook isn't installed in this environment

---

This PR was automatically created by the HackTricks Feed Bot. Please review the changes carefully before merging.

[carlospolop]

🔗 Additional Context

Original Blog Post: https://trustedsec.com/blog/shai-hulud-is-back

Content Categories: Based on the analysis, this content was categorized under "Pentesting CI/CD -> Github Security -> Abusing Github Actions; potentially a new subsection for npm/package-manager supply-chain lifecycle-hook attacks and CI runner secret scraping".

Repository Maintenance:

• MD Files Formatting: 584 files processed

Review Notes:

• This content was automatically processed and may require human review for accuracy
• Check that the placement within the repository structure is appropriate
• Verify that all technical details are correct and up-to-date
• All .md files have been checked for proper formatting (headers, includes, etc.)

Bot Version: HackTricks News Bot v1.0