www.stepsecurity.io 5/19/2026, 6:50:31 AM · via preferred

Mini Shai-Hulud worm breaches AntV, steals CI/CD keys on GitHub


A new wave of the Mini Shai-Hulud worm has compromised packages across Alibaba’s AntV data visualisation ecosystem, including echarts-for-react, timeago.js, and dozens more, with stolen CI/CD secrets being dumped to thousands of public GitHub repositories as the attack continues to spread, according to StepSecurity.

The campaign revolves around the atool npm account, which publishes timeago.js and maintains the @antv namespace, and has used two delivery mechanisms and a two-wave publication pattern to broaden its reach. The attack unfolded on May 19, 2026 (UTC) in two coordinated waves, with Wave 1 at 01:56 UTC and Wave 2 at 02:06 UTC, and involved compromised versions of many packages such as echarts-for-react and several AntV utilities.

C2 traffic targeted t.m-kosche[.]com, while exfiltration also occurred via a GitHub API dead-drop in the antvis/G2 repository. Harden-Runner blocked the C2 domain and flagged memory-read attempts from Runner.Worker. The campaign has resulted in over 2,500 public repositories and large-scale credential theft across CI/CD environments.
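For triage, the package names and Wave 1 time reported above can be checked against a project's lockfile. The following is an added example, not StepSecurity's tooling or code from the article. It assumes publish timestamps have already been fetched from npm registry metadata (the `time` object), and all versions, timestamps and the `@antv/example-util` name in the sample are constructed; a hit means "review this version", not confirmed compromise.

```javascript
// Added example: triage a package-lock.json against the names on this page.
const WAVE1_START = Date.parse("2026-05-19T01:56:00Z"); // Wave 1 time from the article
const WATCH_NAMES = new Set(["echarts-for-react", "timeago.js"]);
const WATCH_SCOPES = ["@antv/"];

// Lockfile v2/v3 keys look like "node_modules/a/node_modules/@scope/b".
function packageNameFromLockKey(key) {
  const marker = "node_modules/";
  const idx = key.lastIndexOf(marker);
  return idx === -1 ? null : key.slice(idx + marker.length);
}

function isWatched(name) {
  return WATCH_NAMES.has(name) || WATCH_SCOPES.some((s) => name.startsWith(s));
}

// publishTimes: { [name]: { [version]: ISO timestamp } }, the shape of the
// "time" object in npm registry package metadata.
function triageLockfile(lock, publishTimes) {
  const findings = [];
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    const name = packageNameFromLockKey(key);
    if (!name || !isWatched(name)) continue; // skips the root "" entry too
    const iso = (publishTimes[name] || {})[entry.version];
    const published = iso ? Date.parse(iso) : NaN;
    let status;
    if (Number.isNaN(published)) status = "unknown-publish-time";
    else status = published >= WAVE1_START ? "published-in-or-after-wave" : "predates-wave";
    findings.push({ path: key, name, version: entry.version, status });
  }
  return findings;
}

// Constructed sample data (versions and timestamps are invented for the demo).
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/echarts-for-react": { version: "9.9.1" },
  "node_modules/@antv/example-util": { version: "0.0.2" },
  "node_modules/foo/node_modules/timeago.js": { version: "9.9.0" },
  "node_modules/left-pad": { version: "1.3.0" },
} };
const sampleTimes = {
  "echarts-for-react": { "9.9.1": "2026-05-19T01:57:10Z" },
  "@antv/example-util": { "0.0.2": "2026-05-19T02:06:30Z" },
  "timeago.js": { "9.9.0": "2024-01-01T00:00:00Z" },
};
console.log(triageLockfile(sampleLock, sampleTimes));
```

Entries reported as `unknown-publish-time` need their registry metadata looked up before they can be cleared.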


Article by CyberSIXT
