Four malicious npm packages tied to a Shai-Hulud copycat campaign were found stealing developer credentials, cloud secrets, cryptocurrency wallet data, and system information, with one package also deploying a DDoS botnet component.
OX Security reported the packages after identifying activity from the npm user deadcode09284814. The packages were published under the names chalk-tempalte, @deadcode09284814/axios-util, axois-utils, and color-style-utils. OX said anyone who installed any version of the packages should treat the machine as affected.
The campaign appears to be a copycat wave following the public release of Shai-Hulud source code by TeamPCP. The most notable package, chalk-tempalte, contains a near-direct clone of that source code, with the attacker adding their own command-and-control server and key material before publishing it to npm.
The package names also show clear typosquatting behavior. chalk-tempalte closely resembles chalk-template, while axois-utils appears designed to catch developers looking for Axios-related utilities. That approach targets the normal speed of JavaScript development, where a mistyped package name can turn a routine install into a credential theft incident.
Four Malicious npm Packages
The packages use different payloads even though they were published by the same npm account. OX said the malware collected different types of data across the packages, including IP information, cloud configuration files, cryptocurrency wallets, environment variables, SSH keys, and other credentials.
| Package | Reported Behavior |
|---|---|
| chalk-tempalte | Shai-Hulud clone that steals credentials, secrets, crypto wallets, accounts, and other sensitive data. |
| @deadcode09284814/axios-util | Infostealer that collects SSH keys, environment variables, AWS, GCP, and Azure credentials. |
| axois-utils | Go-based Phantom Bot payload with infostealer behavior, persistence, and DDoS capabilities. |
| color-style-utils | Straightforward infostealer that collects IP information, geolocation data, and cryptocurrency wallets. |
OX reported a total of 2,678 weekly downloads across the malicious packages at the time of its analysis. The download count is not large compared with major npm packages, but the risk is higher than the number suggests because these packages target developer machines that may contain npm tokens, GitHub credentials, SSH keys, cloud provider secrets, and wallet files.
Chalk-tempalte Copies Shai-Hulud Code
The chalk-tempalte package is the clearest link to Shai-Hulud. OX said the package uses an almost unchanged copy of the Shai-Hulud source code that TeamPCP recently released, with no meaningful obfuscation added by the new actor. The attacker appears to have copied the code, configured it with new infrastructure, and pushed it into npm as a working malicious package.
Once installed, the malware searches for sensitive material and sends stolen data to the command-and-control domain 87e0bbc636999b.lhr.life. OX also said the Shai-Hulud behavior includes uploading stolen credentials to a new public GitHub repository, a tactic that can expose secrets beyond the attacker’s own infrastructure and make incident response more difficult for affected developers.
The package is dangerous because it does not only target one application. Developer machines often store access to many systems at once, including private repositories, package publishing accounts, cloud infrastructure, deployment environments, and cryptocurrency wallets. A single malicious dependency can become a broader supply chain incident if stolen tokens are still valid.
Axois-utils Adds a DDoS Botnet Component
The axois-utils package adds another layer to the campaign. OX said the package refers to its payload as a “phantom bot” and includes a local bot service written in Go. The code contains persistence logic intended to remain on the infected machine even after the npm package is removed.
The same package also contains DDoS functionality. OX said the botnet code can flood websites with HTTP, TCP, UDP, and reset requests, turning an infected developer machine into part of an attack system rather than only a source of stolen credentials.
That combination changes the risk for victims. A compromised developer host can lose secrets and also be used in attacks against other targets, creating operational, legal, and incident-response problems for organizations that may not realize a developer machine has become part of a botnet.
Credentials, Cloud Secrets, and Crypto Wallets Were Targeted
The remaining packages focus on theft. OX said @deadcode09284814/axios-util collects SSH keys, environment variables, and cloud credentials for AWS, GCP, and Azure before sending data to 80.200.28.28:2222. The color-style-utils package collects IP address information, geolocation data, and cryptocurrency wallet material before sending stolen data to edcf8b03c84634.lhr.life.
Those targets are consistent with modern software supply chain attacks. npm tokens can let attackers publish malicious package updates. GitHub credentials can expose private repositories and CI/CD workflows. Cloud keys can give attackers access to storage, servers, databases, and deployment systems. SSH keys can provide direct access to infrastructure. Wallet files can lead to immediate financial theft.
Developers and organizations that installed any of the four packages should remove them, rotate credentials from affected systems, inspect GitHub accounts for unexpected repositories, and review cloud logs for unusual access. OX specifically recommended checking for GitHub repositories containing the string “A Mini Sha1-Hulud has Appeared”, which is associated with the credential exposure behavior.
How Developers Should Respond
Anyone who installed chalk-tempalte, @deadcode09284814/axios-util, axois-utils, or color-style-utils should treat the affected machine as compromised. Removing the package is only the first step because stolen credentials may already be outside the system.
Developers should rotate npm tokens, GitHub personal access tokens, SSH keys, cloud provider keys, deployment secrets, CI/CD variables, and wallet credentials that were present on the affected machine. Organizations should also review recent package publishing activity, GitHub repository creation, cloud API calls, and outbound network traffic to the reported command-and-control infrastructure.
Teams using coding agents or IDE integrations should also check for malicious configuration left behind by the packages. OX recommended deleting related malicious configuration from IDEs and coding agents, including Claude Code, because developer tooling can provide another path for persistence or repeated execution.
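As an added example (not code from OX Security or this article), the following script performs the first step of the response above: it checks a parsed npm lockfile, direct and transitive dependencies included, for the four reported package names. The sample lockfile and its version numbers are constructed.

```javascript
// Added example (not OX Security's or the article's code): scan a parsed npm
// package-lock.json for the four reported package names. Handles lockfile v1
// ("dependencies", nested) and v2/v3 ("packages", keyed by node_modules path).
const MALICIOUS_PACKAGES = new Set([
  'chalk-tempalte', '@deadcode09284814/axios-util', 'axois-utils', 'color-style-utils',
]);
// "node_modules/foo/node_modules/@scope/bar" -> "@scope/bar" (v2/v3 keys).
function nameFromPath(path) {
  const marker = 'node_modules/';
  const idx = path.lastIndexOf(marker);
  return idx === -1 ? path : path.slice(idx + marker.length);
}

// Flatten a v1 "dependencies" tree, which nests transitive deps under each entry.
function collectV1(deps, out, parent) {
  for (const [name, info] of Object.entries(deps || {})) {
    out.push({ name, version: info.version, via: parent });
    collectV1(info.dependencies, out, name);
  }
}

// Return every installed package, direct or transitive, whose name is on the list.
function findMaliciousPackages(lockfile) {
  const installed = [];
  if (lockfile.packages) {
    for (const [path, info] of Object.entries(lockfile.packages)) {
      if (path === '') continue; // root project entry, not a dependency
      installed.push({ name: nameFromPath(path), version: info.version, via: path });
    }
  } else {
    collectV1(lockfile.dependencies, installed, '<root>');
  }
  return installed.filter((p) => MALICIOUS_PACKAGES.has(p.name));
}

// Constructed sample lockfile (v3): the legitimate chalk-template plus a
// typosquat pulled in transitively by another dependency.
const SAMPLE_LOCKFILE = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/chalk-template': { version: '1.1.0' },
    'node_modules/some-lib': { version: '2.0.0' },
    'node_modules/some-lib/node_modules/axois-utils': { version: '0.1.3' },
  },
};
for (const hit of findMaliciousPackages(SAMPLE_LOCKFILE)) {
  console.log(`MALICIOUS ${hit.name}@${hit.version} (${hit.via})`);
}
```

To scan a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `findMaliciousPackages` instead of the sample; any hit means the host should be treated as compromised, not merely cleaned.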
The Shai-Hulud copycat campaign shows how quickly leaked malware can move into the package ecosystem. Once source code is public, a lower-skill actor can copy it, add new infrastructure, and use typosquatted package names to target developers who trust familiar naming patterns. For npm users, the safest response is to verify package names carefully, avoid unfamiliar packages with low history, review install scripts, pin dependencies, and limit the secrets available on machines that install untrusted code.
This campaign is not just another malicious package incident. It shows a single npm account using several payload styles at once, including Shai-Hulud credential theft, cloud secret harvesting, cryptocurrency wallet theft, and a Go-based DDoS bot. That range makes the cleanup more complicated because affected systems may need both credential rotation and botnet investigation.
Sean Doyle
Sean is a tech author and security researcher with more than 20 years of experience in cybersecurity, privacy, malware analysis, analytics, and online marketing. He focuses on clear reporting, deep technical investigation, and practical guidance that helps readers stay safe in a fast-moving digital landscape. His work continues to appear in respected publications, including articles written for Private Internet Access. Through Botcrawl and his ongoing cybersecurity coverage, Sean provides trusted insights on data breaches, malware threats, and online safety for individuals and businesses worldwide.