Supply Chain Attack Wave Targets npm Packages and Go Ecosystem via Mini Shai-Hulud Malware Family
By
SocketDev
Summary
Socket Threat Research is tracking a new supply chain attack wave linked to the Mini Shai-Hulud, Miasma, and Hades malware family. The campaign targets LeoPlatform/RStreams npm packages, three llxlr-published npm packages, and the Verana Blockchain Go module. The attack abuses multiple techniques including npm poisoning, GitHub Actions, binding.gyp execution, Bun-staged payloads, and developer-tool hooks to steal secrets and spread across ecosystems.
Source
bsky · Supply Chain Attack Wave Targets npm Packages and Go Ecosystem via Mini Shai-Hulud Malware Family · hendryadrian.com
Key quotes
Socket Threat Research is tracking a new supply chain attack wave tied to the Mini Shai-Hulud, Miasma, and Hades malware family
The campaign abuses npm poisoning, GitHub Actions, binding.gyp execution, Bun-staged payloads, and developer-tool hooks to steal secrets and spread across ecosystems