Socket Threat Research has identified a new npm package named `shai_hulululud` that targets AI-based malware scanners with evasion techniques such as prompt injection and context flooding. The 9.28 MB package obfuscates its JavaScript payload and carries adversarial content intended to disrupt security analysis. It includes a block comment with instructions to ignore safety guidelines, and it floods the context window with repeated phrases, exceeding the number of tokens current AI models can handle.
Although the package does not contain a typical credential-stealing payload, it serves as a test case for security tools and echoes adversarial techniques seen in prior malware campaigns. Recommended defenses include treating AI scanners as part of the threat model, implementing deterministic preprocessing, and ensuring scanners fail closed during analysis.
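
One way to apply the deterministic-preprocessing and fail-closed recommendations ahead of an AI scanner, as an added example that is not Socket's code or part of the original write-up. The function names, thresholds and phrase patterns are assumptions chosen for illustration.

```javascript
// Added example: deterministic gate that runs before an LLM-based scanner.
// All thresholds and patterns below are illustrative assumptions.
const TOKEN_BUDGET = 100000;   // assumed context budget of the downstream model
const MAX_REPEAT_RATIO = 0.5;  // assumed: over half the long lines duplicated
const INJECTION_PATTERNS = [
  /ignore\s+((all|any|your|previous|prior)\s+)*(safety\s+)?(instructions|guidelines|rules)/i,
  /(report|classify|mark)\s+this\s+(package|file|code)\s+as\s+(safe|benign|clean)/i,
];

// Rough size estimate (~4 characters per token); not a real tokenizer.
function estimateTokens(text) {
  return Math.ceil(text.length / 4);
}

// Naive comment extraction; a production pipeline would use a JS parser
// so that comment markers inside string literals are not misread.
function extractComments(source) {
  return source.match(/\/\*[\s\S]*?\*\/|\/\/[^\n]*/g) || [];
}

// Share of duplicated lines among lines long enough to carry a phrase.
function repeatRatio(text) {
  const lines = text.split('\n').map((l) => l.trim()).filter((l) => l.length >= 20);
  if (lines.length === 0) return 0;
  return 1 - new Set(lines).size / lines.length;
}

function preScreen(source) {
  const reasons = [];
  const comments = extractComments(source);
  if (comments.some((c) => INJECTION_PATTERNS.some((p) => p.test(c)))) {
    reasons.push('instruction-like text in comment');
  }
  if (repeatRatio(source) > MAX_REPEAT_RATIO) reasons.push('repetitive filler');
  if (estimateTokens(source) > TOKEN_BUDGET) reasons.push('exceeds token budget');
  // Fail closed: anything flagged is blocked for human review, never
  // truncated to fit the model or passed through as "probably fine".
  if (reasons.length > 0) return { verdict: 'block', reasons, forModel: null };
  // Comments are removed before the model sees the code.
  const forModel = comments.reduce((s, c) => s.replace(c, ''), source);
  return { verdict: 'forward', reasons, forModel };
}
```

The checks run on the raw file before any model call, so their outcome does not depend on how the model reacts to the content.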