The Mini Shai-Hulud worm has resurfaced in one of its largest single-registry waves to date, hitting hundreds of npm packages tied to the AntV data visualization ecosystem in a coordinated burst lasting around an hour. According to new analysis by Socket's Threat Research Team, the attack began around 01:56 UTC on May 19 and pushed 639 malicious versions across 323 unique packages before stopping roughly an hour later.
Several affected packages are high-download npm dependencies, including echarts-for-react, size-sensor, @antv/scale, and timeago[.]js, among others, and the compromised npm maintainer account, “atool,” held publish rights to more than 500 packages. Each malicious version added a preinstall hook to package[.]json that executes a 498 KB obfuscated Bun bundle, harvesting cloud credentials, CI/CD tokens, SSH keys, Kubernetes service account tokens and local password manager vaults.
The payload exfiltrated stolen data through public GitHub repositories created using stolen tokens, named after Dune universe terminology with descriptions containing a reversed marker reading "Shai-Hulud: Here We Go Again." Across all waves, the campaign has been tracked as 1055 compromised versions across 502 unique packages spanning npm, PyPI and Composer.