Blockchain security firm SlowMist has uncovered a sophisticated npm worm, dubbed "Mini Shai-Hulud," that is infiltrating prominent developer projects such as TanStack, UiPath, and DraftLab. The worm exploits compromised GitHub credentials to publish malicious packages, embedding a script named router_init.js that executes in CI/CD environments like GitHub Actions. This script is designed to steal CI/CD secrets, cloud infrastructure credentials, and cryptocurrency wallet information.
SlowMist has issued a warning to developers using the affected packages to scan their CI/CD pipelines for the presence of router_init.js, rotate all exposed credentials, and monitor for unusual activity. The firm has also shared threat intelligence with its clients to mitigate the impact of this attack.
SlowMist Identifies 'Mini Shai-Hulud' npm Worm Targeting Developer Projects
Aviso Legal: O conteúdo disponibilizado no Phemex News é apenas para fins informativos. Não garantimos a qualidade, precisão ou integridade das informações provenientes de artigos de terceiros. Este conteúdo não constitui aconselhamento financeiro ou de investimento. Recomendamos fortemente que você realize suas próprias pesquisas e consulte um consultor financeiro qualificado antes de tomar decisões de investimento.