Mini Shai-Hulud FAQ on the TeamPCP npm and PyPI supply-chain...

[carlospolop]

🤖 Automated Content Update

This PR was automatically generated by the HackTricks News Bot based on a technical blog post.

📝 Source Information

• Blog URL: https://www.tenable.com/blog/mini-shai-hulud-frequently-asked-questions
• Blog Title: Mini Shai-Hulud: FAQ on the TeamPCP npm and PyPI supply-chain campaign
• Suggested Section: Pentesting CI/CD -> Github Security -> Abusing Github Actions, especially Gh Actions - Cache Poisoning / pull_request_target abuse / OIDC federation and provenance bypass

🎯 Content Summary

Mini Shai-Hulud is a TeamPCP self-propagating open-source supply-chain worm targeting the npm and PyPI ecosystems. The campaign compromised more than 170 npm and PyPI packages, affecting packages with more than 518 million cumulative weekly downloads. Tenable’s core guidance is that any developer workstation, build host, or CI/CD runner that installed a compromised package version must be treated as f...

🔧 Technical Details

Self-propagating package-manager worm: A compromised npm or PyPI package can execute attacker code during installation or initialization. In npm, this commonly abuses lifecycle hooks such as preinstall, which run before dependency installation completes. The malware harvests registry, developer, cloud, and CI/CD credentials from environment variables and common filesystem paths, exfiltrates them, and uses package-registry credentials to publish trojanized versions of other packages accessible to the victim. This turns every infected developer workstation or CI/CD runner into a new propagation node.

npm lifecycle hook execution as the initial code-execution primitive: In the npm attack chain, trojanized packages include a preinstall hook that downloads the Bun JavaScript runtime and executes an obfuscated credential stealer. This does not require exploiting memory corruption in npm itself; it abuses legitimate pac...

🤖 Agent Actions

Done.

Updated:

• src/pentesting-ci-cd/github-security/abusing-github-actions/README.md

Added:

• A new subsection on OIDC trusted publishing compromise & provenance limits
• The explicit attack chain:
  • pull_request_target / low-trust workflow abuse
  • GitHub Actions cache poisoning
  • execution in a privileged release workflow
  • theft of GitHub OIDC identity material (ACTIONS_ID_TOKEN_REQUEST_* or runner memory/cache)
  • exchange for npm trusted publishing credentials
  • publication of malicious packages with valid provenance/Sigstore attestations
• Practical assessment checks and mitigations
• References to the Tenable blog, GitHub Docs, and npm Docs

I did not create new files because the existing GitHub Actions page was already the best fit, and most other blog techniques were already covered elsewhere in HackTricks.

---

This PR was automatically created by the HackTricks Feed Bot. Please review the changes carefully before merging.

[carlospolop]

🔗 Additional Context

Original Blog Post: https://www.tenable.com/blog/mini-shai-hulud-frequently-asked-questions

Content Categories: Based on the analysis, this content was categorized under "Pentesting CI/CD -> Github Security -> Abusing Github Actions, especially Gh Actions - Cache Poisoning / pull_request_target abuse / OIDC federation and provenance bypass".

Repository Maintenance:

• MD Files Formatting: 584 files processed

Review Notes:

• This content was automatically processed and may require human review for accuracy
• Check that the placement within the repository structure is appropriate
• Verify that all technical details are correct and up-to-date
• All .md files have been checked for proper formatting (headers, includes, etc.)

Bot Version: HackTricks News Bot v1.0