Leaked Shai-Hulud malware fuels new npm infostealer campaign
Leaked Shai-Hulud malware deployed in four malicious npm packages by threat actor.
Summary
A threat actor using the account deadcode09284814 published four malicious npm packages embedding the recently leaked Shai-Hulud malware, targeting developer credentials, secrets, and cryptocurrency wallet data. The packages used typosquatting tactics (e.g., chalk-tempalte, axois-utils) and included DDoS botnet functionality in addition to information-stealing capabilities. OXsecurity researchers attributed the malware to a different actor than TeamPCP, noting the unobfuscated source code deployment, and reported the packages were downloaded 2,678 times combined before removal.
Full text
By Bill Toulas, May 18, 2026 01:28 PM

The Shai-Hulud malware leaked last week is now used in new attacks on the Node Package Manager (npm) index, as infected packages emerged over the weekend.

A threat actor using the account deadcode09284814 published four malicious packages on npm and embedded one of them with a non-obfuscated version of Shai-Hulud that targeted developer credentials, secrets, cryptocurrency wallet data, and account information.

All rogue packages included routines that exfiltrated information, such as credentials and configuration files, but one also turned the system into a bot for distributed denial-of-service (DDoS) activity.

Researchers at OXsecurity, a company that secures applications from code to runtime, discovered the malicious uploads over the weekend and noticed that the threat actor used misspelled names (typosquatting) targeting Axios users, and some generic ones:

- chalk-tempalte – Shai-Hulud clone (information stealer)
- @deadcode09284814/axios-util – Credential and cloud config stealer
- axois-utils – Infostealer + persistent DDoS botnet ("phantom bot")
- color-style-utils – Basic infostealer targeting crypto wallets and IP info

According to the researchers, the chalk-tempalte package contains a clone of the Shai-Hulud malware attributed to the TeamPCP hacker group, which is responsible for the recent Mini Shai-Hulud software supply-chain attack. The malware emerged on GitHub last week, with a message allegedly from TeamPCP saying "Here We Go Again - Let the Carnage Continue. A Gift from TeamPCP."

The chalk-tempalte package appears to be the first documented case of a Shai-Hulud clone deployed on npm, though Ox notes that it's not a sophisticated example, but rather an unmodified copy of the leaked source code without any protection.
"One piece of incriminating evidence that this is a different actor from TeamPCP is that the Shai-Hulud malware code is an almost exact copy of the leaked source code, with no obfuscation techniques, which make the final version visually different from the original," OXsecurity explains.

The malware steals credentials, secrets, crypto wallet data, and account information and exfiltrates it to a command-and-control (C2) server at 87e0bbc636999b[.]lhr[.]life. The code retains the GitHub publishing functionality, so it uploads stolen credentials to public, auto-generated repositories.

Of the other three packages, 'axois-utils' stands out for including DDoS capability, in addition to the information-stealing functionality present across all four packages. The package supports HTTP, TCP, and UDP floods, as well as TCP reset attacks, while the researchers have also found internal references to a "phantom bot."

[Figure: DDoS attack code. Source: OXsecurity]

The Shai-Hulud campaign has had multiple iterations since September 2025, stealing developers' data by injecting malware into legitimate projects. After stealing credentials for accounts with publishing rights, the attackers exposed the exfiltrated information in public GitHub repositories. The campaigns were attributed to the TeamPCP hacker group.

In a previous report, OXsecurity said that threat actors quickly copied the malware source code and started modifying it to extend its capabilities.

The researchers recommend that developers who downloaded infected npm packages remove them immediately and rotate their credentials and API keys on affected systems. OXsecurity notes that the four packages had a combined download count of 2,678.
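To act on the researchers' advice, a team can check its lockfiles for the four package names above and for near-miss spellings of the packages they imitate. The following is an added example written for this page, not code from the article or from OXsecurity; it assumes a lockfile v2/v3 `packages` map, uses `chalk-template` and `axios` as the imitated names, and the sample lockfile and the name `axois-example` are constructed.

```javascript
// Added example, not code from the article or from OXsecurity: scan an npm
// package-lock.json (lockfile v2/v3 "packages" map) for the four packages named
// in the report and for one-edit misspellings of the packages they imitate.
const MALICIOUS = new Set([
  "chalk-tempalte", "@deadcode09284814/axios-util", "axois-utils", "color-style-utils",
]);
// Names the squats imitate. chalk-template and axios are real packages;
// extend this list with your own project's direct dependencies.
const LEGIT = ["chalk-template", "axios"];

// Edit distance with adjacent transposition (Damerau), since both squats in the
// report ("tempalte", "axois") are single swapped-letter pairs.
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) =>
    Array.from({ length: b.length + 1 }, (_, j) => (i === 0 ? j : j === 0 ? i : 0)));
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1); // transposition
      }
    }
  }
  return d[a.length][b.length];
}

// Lockfile keys are install paths ("node_modules/x/node_modules/@s/y"); keep only the package name.
function packageName(lockKey) {
  const i = lockKey.lastIndexOf("node_modules/");
  return i === -1 ? lockKey : lockKey.slice(i + "node_modules/".length);
}

// Returns one finding per suspicious dependency; an empty array means nothing was flagged.
function scanLockfile(lock) {
  const findings = [];
  for (const key of Object.keys(lock.packages || {})) {
    if (key === "") continue; // the root project entry
    const name = packageName(key);
    if (MALICIOUS.has(name)) { findings.push({ name, reason: "known malicious package" }); continue; }
    if (LEGIT.includes(name)) continue;
    // Compare the whole name and its first hyphen segment ("axois" in "axois-utils"); an exact
    // segment match (e.g. a legitimate axios-* plugin) is not flagged, only a one-letter miss.
    const head = name.split("/").pop().split("-")[0];
    const near = LEGIT.find((l) => editDistance(name, l) === 1 || (head.length >= 4 && editDistance(head, l) === 1));
    if (near) findings.push({ name, reason: `one edit away from ${near}` });
  }
  return findings;
}

// Constructed sample lockfile fragment (not from any real project); axois-example is a made-up name.
const SAMPLE_LOCK = { packages: {
  "": { name: "demo-app" }, "node_modules/axios": { version: "1.0.0" },
  "node_modules/chalk-tempalte": { version: "1.0.1" }, "node_modules/axois-utils": { version: "0.0.3" },
  "node_modules/axois-example": { version: "0.1.0" }, "node_modules/left-pad": { version: "1.3.0" },
} };
```

Run it against a real lockfile with `scanLockfile(JSON.parse(fs.readFileSync("package-lock.json", "utf8")))`; any finding means the package should be removed and, per the report, the credentials and API keys on that system rotated.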
Indicators of Compromise
- domain — 87e0bbc636999b.lhr.life
- malware — Shai-Hulud