MalwareBleeping Computer
6.5 — HIGH
Leaked Shai-Hulud malware fuels new npm infostealer campaign
The Shai-Hulud malware leaked last week is now used in new attacks on the Node Package Manager (npm) index, as infected packages emerged over the weekend. [...]
🤖 AI BriefingAuto-generated threat analysis
🔍Threat Overview
A new campaign using leaked Shai-Hulud malware has targeted the Node Package Manager (npm) index, infecting four malicious packages that exfiltrated developer credentials and secrets.
⚙️Technical Details
Affected Systems
npm index
Attack Vectors
Typosquatting targeting Axios usersInfostealer + persistent DDoS botnetBasic infostealer targeting crypto wallets and IP info
💥Impact Assessment
Severity: high
Who Is at Risk
Developers who downloaded infected npm packages
🛡️Recommended Actions
1Remove immediately any infected npm packages
2Rotate credentials and API keys on affected systems
3Monitor for suspicious activity and update dependencies regularly
📦Affected Products
npm indexAxios users
Read the full article
This is a curated summary. The complete article is available at Bleeping Computer.