The Shai-Hulud npm infostealer campaign represents a further evolution in supply chain attacks targeting the JavaScript ecosystem. The campaign abuses the npm registry, a critical component in the development workflow of millions of developers worldwide. An attacker-controlled account named deadcode09284814 published four malicious packages, each designed to exfiltrate sensitive information or weaponize infected machines. Among these, the chalk-tempalte package is a near-identical clone of the Shai-Hulud malware, a notorious infostealer previously linked to the TeamPCP hacker group. The campaign highlights the growing complexity and risk of open-source supply chains, especially in ecosystems with minimal package vetting.
The campaign exploits developer trust by embedding malicious payloads within seemingly benign npm packages. The attacker used typosquatting, publishing packages with names closely resembling popular libraries such as axios, a widely used HTTP client for Node.js, so that a developer who mistypes or misreads a package name installs the malware instead. The four identified packages not only steal credentials, secrets, and cryptocurrency wallet data but in some cases also turn infected hosts into bots capable of launching distributed denial-of-service (DDoS) attacks, amplifying the impact.
Malicious Npm Packages and Their Capabilities
Security researchers at OX Security analysed the four malicious npm packages published by the deadcode09284814 account. They range from simple infostealers to a full botnet client. The following table summarizes each package, its cover description, and its malicious capabilities:
| Package Name | Description | Malicious Features |
|---|---|---|
| chalk-tempalte | Shai-Hulud clone (information stealer) | Harvests developer credentials, environment secrets and cryptocurrency wallets; exfiltrates the data to a command-and-control (C2) server and also uploads stolen credentials to public GitHub repositories, exposing them to anyone who finds them |
| @deadcode09284814/axios-util | Credential and cloud configuration stealer | Targets cloud provider configuration files (e.g., AWS, Azure, GCP credentials), steals environment variables and authentication tokens |
| axois-utils | Infostealer combined with a persistent DDoS botnet client (“phantom bot”) | Exfiltrates sensitive data and carries out multiple DDoS attack types, including HTTP floods, TCP floods, UDP floods and TCP reset attacks; maintains persistence on infected hosts |
| color-style-utils | Basic infostealer targeting cryptocurrency wallets and IP information | Extracts wallet files (e.g., MetaMask, Electrum), harvests IP address and system metadata |
Chalk-tempalte: a Near-Exact Shai-Hulud Clone
The chalk-tempalte package is particularly notable for containing an almost unaltered copy of the Shai-Hulud malware source code. That code became available to other actors when the TeamPCP hacker group leaked it on GitHub, accompanied by a taunting message: “Here We Go Again – Let the Carnage Continue. A Gift from TeamPCP.” The leak enabled others to repurpose the malware, as its deployment on npm through chalk-tempalte shows.
Technical analysis shows that the chalk-tempalte variant lacks the obfuscation and anti-analysis techniques of the TeamPCP build, such as string encryption, control-flow flattening and anti-debugging checks. This suggests the npm package was assembled by a separate actor who copied the leaked source directly, rather than by the original developers. The malware runs from post-install scripts (an npm install hook executes with the installing user's privileges and without any further interaction) and scans the environment for sensitive files, including ~/.aws/credentials, ~/.ssh/id_rsa, ~/.npmrc and cryptocurrency wallet files such as ~/.ethereum/keystore.
Once harvested, the data is exfiltrated to a command-and-control (C2) server at 87e0bbc636999b.lhr.life. The parent domain lhr.life belongs to the localhost.run tunnelling service, which exposes a port on the operator's own machine behind a randomly generated subdomain; the C2 therefore sits behind a disposable reverse tunnel rather than on dedicated hosting, and the subdomain can be rotated at any time, so this exact hostname is a short-lived indicator while the *.lhr.life pattern is the durable one. In addition to direct exfiltration, the malware uploads credentials to auto-generated public GitHub repositories under attacker-controlled accounts. This dual exfiltration path increases the risk of exposure and complicates incident response: the stolen secrets are readable by anyone who finds the repositories, so they must be treated as fully compromised and rotated immediately.
Axois-utils: Infostealer With DDoS Botnet Features
The axois-utils package represents a hybrid threat combining information-stealing capabilities with active participation in a DDoS botnet. The malware’s architecture includes modules for credential harvesting, network scanning, and attack orchestration. It supports multiple DDoS vectors:
- HTTP Floods: Rapidly sending HTTP GET or POST requests to overwhelm web servers.
- TCP Floods: Flooding the target with TCP SYN packets to exhaust connection tables.
- UDP Floods: Sending large volumes of UDP packets to random or specific ports.
- TCP Reset Attacks: Injecting forged TCP reset packets to disrupt legitimate connections.
Internal code references to a “phantom bot” indicate a persistent botnet client designed to keep long-term control of infected machines. Persistence mechanisms include modifying startup scripts, creating scheduled tasks, and injecting code into common developer tools so the client re-executes after a reboot. The package also communicates with C2 infrastructure to receive commands and report infection status.
By converting developer machines into DDoS bots, the attacker exploits the high bandwidth and reliable uptime of developer environments, which often have direct internet access and elevated privileges. The combination of data theft and DDoS participation raises the overall severity: victims face both credential compromise and the possibility of their machines being implicated in attacks on third parties.
Typosquatting and Targeting Developers
Typosquatting remains a prevalent tactic in the software supply chain, exploiting human error in package-name recognition. In this campaign, the attacker registered names closely resembling trusted libraries: chalk-tempalte (imitating chalk-template) and axois-utils (imitating axios-utils), each a single transposition of two adjacent characters away from the legitimate name. Such misspellings increase the likelihood that a developer installs a malicious dependency by mistake, for instance by typing the name at the command line or copying it from an unverified snippet. The scoped package @deadcode09284814/axios-util is a different case: a scope is never installed by accident, so it only reaches developers who explicitly request the attacker's scope, for example through a social-engineered recommendation. Typosquatting does not bypass a lockfile, either: a transitive dependency is resolved by the exact name its parent declares, so the risk is concentrated at the point where a human first types or pastes the name.
Once installed, these packages run install scripts that silently harvest environment variables, configuration files and cached credentials. Targeted files include cloud provider SDK credentials (~/.aws/credentials, ~/.azure/credentials), Docker configuration (~/.docker/config.json, whose auths map holds registry logins), and npm authentication tokens (~/.npmrc). With these artifacts an attacker gains access to cloud infrastructure, container registries and package-publishing rights, the last of which allows the compromise to be pushed further down the supply chain by publishing malicious versions of the victim's own packages.
Historical Context of Shai-Hulud Campaigns
The Shai-Hulud malware family first appeared in September 2025 and has been attributed to the TeamPCP hacker group, believed to be a financially motivated cybercrime operation. Early variants were self-propagating: a compromised package's install hook harvested npm, GitHub and cloud credentials, used the stolen npm token to republish the payload into other packages the victim maintained, and pushed the stolen data to public GitHub repositories, a tactic designed to maximize damage and complicate attribution.
Over time, Shai-Hulud evolved to include more aggressive features such as cryptocurrency wallet theft and botnet functionality. The leak of its source code catalysed copycat malware, as seen in the chalk-tempalte npm package. Delivering the clone through freshly registered typosquatted packages rather than through compromised maintainer accounts lowers the bar for an attacker, and npm remains an attractive vector because it is the largest JavaScript package registry, with over 2 million packages and a download volume in the billions per week, which vastly expands the potential victim pool.
This campaign is reminiscent of prior incidents such as the 2018 compromise of the npm package event-stream, whose maintainer handed it to a new owner who added a dependency designed to steal cryptocurrency wallets, and the SolarWinds compromise disclosed in December 2020, which demonstrated the catastrophic potential of supply chain attacks. The Shai-Hulud npm campaign underscores the ongoing risks inherent in open-source ecosystems that lack rigorous package validation and developer vigilance.
Technical Indicators of Compromise (IOCs)
The following IOCs are critical for detecting and remediating infections related to the Shai-Hulud npm infostealer campaign:
| IOC Type | Value |
|---|---|
| Malicious npm Packages | chalk-tempalte, @deadcode09284814/axios-util, axois-utils, color-style-utils |
| Command-and-Control Server | 87e0bbc636999b.lhr.life (a localhost.run tunnel subdomain: alert on this hostname, or on any *.lhr.life lookup from developer and build hosts, rather than on resolved IP addresses, which belong to the tunnel service and change; the addresses 185.199.108.153 and 185.199.109.153 sometimes listed alongside this domain are GitHub Pages anycast addresses and must not be blocked) |
| GitHub Repositories | Auto-generated public repositories under attacker-controlled accounts used to upload stolen credentials (the pattern https://github.com/attackergithubuser/cred-leak-* is illustrative, not an observed account) |
| File Paths Targeted | ~/.aws/credentials, ~/.ssh/id_rsa, ~/.npmrc, ~/.ethereum/keystore, ~/.docker/config.json |
| Network Indicators | Outbound connections to the C2 hostname on TCP ports 443 and 80; unexpected POST /user/repos (repository creation) and PUT /repos/*/contents/* (file upload) requests to api.github.com from developer or CI hosts |
Detection and Mitigation Strategies
Developers and organizations can take several defensive measures against the Shai-Hulud npm infostealer campaign. First, audit dependency trees with npm audit, yarn audit or a third-party supply chain security platform. Note that npm audit only reports packages that already carry a published advisory, so a freshly published typosquat will not appear until someone has reported it; complement it with a check of the lockfile against the package names listed above and against the names you actually intended to install. Remove or replace any suspicious dependency, and treat every credential reachable from the affected machine as compromised.
Network monitoring should focus on outbound traffic to the identified C2 server 87e0bbc636999b.lhr.life (and to *.lhr.life generally) and on GitHub API calls that create repositories or upload files from hosts or accounts not associated with known projects. Intrusion detection systems (IDS) and endpoint detection and response (EDR) tools can be configured to alert on such activity.
For systems suspected of infection, look for processes related to DDoS activity, especially when axois-utils is involved. Indicators include sustained high CPU and network usage by Node.js processes, unexpected outbound traffic surges, and persistence mechanisms such as modified startup scripts or scheduled tasks. Inventory the credential files present on the host as well, so that every key and token the stealer could have read is rotated rather than only the ones that happen to be known about.
From a preventive standpoint, developers should adopt strict package validation policies: verify package authorship, pin exact versions in a lockfile so that each tarball's integrity hash is checked at install time, verify registry signatures and provenance attestations with npm audit signatures where publishers provide them, and set ignore-scripts=true in .npmrc so that install hooks, the entry point for every package in this campaign, do not run automatically (the few packages that legitimately need a build step can then be rebuilt explicitly). Organizations can also restrict installation to an approved internal registry that mirrors vetted packages, and deploy runtime application self-protection (RASP) to detect malicious behaviour.
Vendor and Community Response
Following public disclosure of the Shai-Hulud npm infostealer campaign, the npm security team removed the identified malicious packages and suspended the deadcode09284814 account. However, because anyone can publish to npm, similar typosquatting packages can reappear at any time. The registry has been urged to strengthen automated malware scanning, add behavioural analysis of install scripts, and require stricter identity verification for publishers.
Open-source security communities, including the OpenJS Foundation (which hosts Node.js) and various cybersecurity firms, have increased efforts to educate developers about supply chain risks. Initiatives such as the Open Source Security Foundation (OpenSSF) promote practices like dependency pinning, reproducible builds and continuous monitoring to reduce exposure.
Security researchers continue to monitor for new variants of Shai-Hulud and related malware, sharing indicators and detection techniques through threat intelligence platforms. Collaborative efforts between npm, GitHub, and cloud providers aim to disrupt attacker infrastructure and prevent credential abuse stemming from these campaigns.
Sean Doyle
Sean is a tech author and security researcher with more than 20 years of experience in cybersecurity, privacy, malware analysis, analytics, and online marketing. He focuses on clear reporting, deep technical investigation, and practical guidance that helps readers stay safe in a fast-moving digital landscape. His work continues to appear in respected publications, including articles written for Private Internet Access. Through Botcrawl and his ongoing cybersecurity coverage, Sean provides trusted insights on data breaches, malware threats, and online safety for individuals and businesses worldwide.