Blockchain security firm SlowMist has uncovered a sophisticated npm worm, dubbed "Mini Shai-Hulud," that is infiltrating prominent developer projects such as TanStack, UiPath, and DraftLab. The worm exploits compromised GitHub credentials to publish malicious packages, embedding a script named router_init.js that executes in CI/CD environments like GitHub Actions. This script is designed to steal CI/CD secrets, cloud infrastructure credentials, and cryptocurrency wallet information.
SlowMist has issued a warning to developers using the affected packages to scan their CI/CD pipelines for the presence of router_init.js, rotate all exposed credentials, and monitor for unusual activity. The firm has also shared threat intelligence with its clients to mitigate the impact of this attack.
SlowMist Identifies 'Mini Shai-Hulud' npm Worm Targeting Developer Projects
Aviso legal: El contenido de Phemex News es únicamente informativo.No garantizamos la calidad, precisión ni integridad de la información procedente de artículos de terceros.El contenido de esta página no constituye asesoramiento financiero ni de inversión.Le recomendamos encarecidamente que realice su propia investigación y consulte con un asesor financiero cualificado antes de tomar cualquier decisión de inversión.