Just months after the @ctrl/tinycolor compromise highlighted how the Shai-Hulud malware family could self-propagate through maintainer portfolios, attackers have returned with a more advanced variant. This latest iteration pushes the concept even further: it operates fully autonomously, requires no human operator once deployed, and scales its own distribution using any valid credential it can harvest.

Overview of the Attack

While the original worm already abused TruffleHog, cloud SDKs, and GitHub automation for credential harvesting and persistent backdoors, the new strain expands on those behaviors with higher throughput and broader targeting. Once it lands on a developer or CI system, it immediately begins collecting NPM tokens, GitHub PATs, and cloud API keys. These stolen credentials are then used in real time to:

• Publish compromised package versions under trusted namespaces
• Spin up thousands of malicious GitHub repositories
• Leak harvested secrets into public repos, effectively crowdsourcing exploitation by secondary attackers

This end-to-end automation means the worm behaves less like a typical supply-chain compromise and more like an ecosystem-wide credential botnet.

Scope and Impact

The scale of the current outbreak dwarfs the initial @ctrl/tinycolor incident. More than 26,000 malicious repositorieshave been created so far, and compromised packages tied to Zapier, ENS Domains, Postman, PostHog, and others have already been identified.

Because many of these libraries are embedded deep within automation pipelines and application architectures, the downstream reach is substantial. The worm no longer relies on a single entry point: every compromised machine, token, or package becomes a new propagation vector.

What Development Teams Need to Understand

Teams should assume that any environment interacting with NPM or GitHub during the affected timeframe may have been leveraged by the worm. Unlike typical supply-chain attacks that stop at credential theft, this variant immediately weaponizes stolen tokens:

• Publishing new malicious versions under legitimate project names
• Creating large numbers of public repositories containing leaked secrets
• Using each compromised asset as a springboard to infect others

The behavior marks a fundamental shift: this is not a breach of a single maintainer or library but a self-expanding mesh of compromised identities and infrastructure.

Recommendations

1. Audit Dependencies
   Review all Zapier/ENS/related NPM packages and versions. Remove or pin where feasible.
2. Rotate All Sensitive Credentials
   GitHub PATs, NPM tokens, cloud keys, CI/CD secrets — if it touched NPM or GitHub, assume exposure.
3. Harden CI/CD and Package Consumption
   • Disable npm postinstall scripts in CI where possible
   • Enforce MFA for GitHub
   • Pin package versions and enable dependency cooldown periods
   • Consider tooling such as Safe-Chain to block malicious NPM packages
4. Scan Entire Repository History for Secrets
   Not just recent commits — the worm’s automation capitalizes on even momentary exposure.
5. Monitor for Anomalous Activity
   Watch for:
   • Unexpected package publications
   • Sudden repository creations
   • Unusual credential usage patterns

Because this variant’s amplification behavior is still unfolding, continuous monitoring is essential until the ecosystem stabilizes.