SECURITYWEEK reports that the Mini Shai-Hulud supply chain campaign, blamed on TeamPCP, compromised more than 170 packages across multiple high-profile projects, including 42 TanStack packages and 65 UiPath packages, as well as Mistral AI’s PyPI packages and the OpenSearch JavaScript client. Over 400 malicious package versions were published, with at least 401 malicious artifacts released within a five-hour window, SafeDep says.
The attack chained three known weaknesses to release 84 malicious artifacts across 42 TanStack packages, and attackers used a compromised GitHub Actions workflow to publish via a poisoned CI/CD pipeline, exploiting an ambient OIDC token to bypass steps. The campaign’s payload includes a 2.3 MB implant injected into TanStack package tarballs, designed to harvest credentials and secrets and to persist and self-destruct, with stolen data exfiltrated through multiple channels.
The Python variant targeted Guardrails AI and Mistral AI PyPI packages, harvesting extensive credentials and even password managers, while the malware checks system language to avoid infecting Russian users. According to Wiz, the campaign also involved renaming the TanStack/router repository fork to a suspicious config, enabling credential theft and token misuse.