www.securityweek.com 5/18/2026, 9:51:26 AM · via preferred

Cloned Shai Hulud Worm Targets NPM After Source Code Leak

Primary Source ox.security

According to Ox Security, the first Shai-Hulud worm clones emerged after TeamPCP released the malware’s source code on GitHub, with at least one threat actor adopting it in attacks against NPM developers. Shai-Hulud was first used in September 2025 and again in November in supply chain campaigns that hit hundreds of NPM packages and likely infected thousands of developers.

The malware is designed to steal credentials, API keys and other secrets, then propagate by injecting itself into maintained packages and publishing malicious versions. Last week, four NPM packages containing infostealer malware, including one that is a direct clone of the worm, appeared with a direct C&C server and private key, and had a combined weekly download count of over 2,600.

Ox notes that this signals a single actor using multiple techniques and infostealer types to spread malicious code onto NPM, described as the first phase of an upcoming wave of supply chain attacks. Security researchers warned of a surge in activity following the source code release, as cybercriminals quickly adapted the worm for new attacks.


Article by CyberSIXT
