VMTech

Mini Shai‑Hulud: malicious updates to @antv packages via compromised npm account

Colleagues, a cybersecurity alert: a wave of Mini Shai‑Hulud attacks has been detected, compromising packages in the @antv ecosystem and several related npm modules.

In brief:
- The npm account 'atool' was compromised — hundreds of trojanized releases were published (639 versions across 323 packages).
- A stealer harvests 20+ types of credentials (AWS, GCP, Azure, GitHub, npm, SSH, Kubernetes, databases, Stripe) and exfiltrates them.
- The attack leverages preinstall hooks, abuses npm tokens for automated republishing, and writes stolen data to public repositories as a backup.

Why it matters: a supply‑chain compromise has a wide blast radius, and malicious updates can be pulled in automatically.
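
A defensive check for the install-hook vector described above, as an added example that is not part of the original post: it scans a parsed npm lockfile (v2/v3) for packages that declare install-time scripts (`hasInstallScript`) or sit in a watched scope. The watched-scope list, package names and versions are constructed for illustration.

```javascript
// Added example (not from the original post). Scans a parsed package-lock.json
// (lockfileVersion 2 or 3) for packages that run install-time scripts.
// WATCHED_SCOPES is an assumption based on the alert; adjust to your own list.
const WATCHED_SCOPES = ['@antv/'];

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function packageName(lockPath) {
  const marker = 'node_modules/';
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? lockPath : lockPath.slice(idx + marker.length);
}

function auditLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // the root project itself
    const name = packageName(path);
    const watched = WATCHED_SCOPES.some((scope) => name.startsWith(scope));
    // npm sets hasInstallScript when a package declares preinstall/install/postinstall
    const installScript = meta.hasInstallScript === true;
    if (watched || installScript) {
      findings.push({ name, version: meta.version, path, watched, installScript });
    }
  }
  // Watched packages that also run install scripts sort to the top.
  return findings.sort(
    (a, b) => (b.watched + b.installScript) - (a.watched + a.installScript)
  );
}

// Constructed sample lockfile; names and versions are placeholders.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/left-helper': { version: '2.1.0' },
    'node_modules/native-thing': { version: '4.0.2', hasInstallScript: true },
    'node_modules/@antv/example-chart': { version: '9.9.9', hasInstallScript: true },
    'node_modules/native-thing/node_modules/@antv/example-util': { version: '1.2.3' },
  },
};

for (const f of auditLockfile(SAMPLE_LOCK)) {
  console.log(`${f.name}@${f.version} watched=${f.watched} installScript=${f.installScript}`);
}
```

Feed it `JSON.parse` of your own `package-lock.json`; installing with `npm ci --ignore-scripts` keeps any flagged hooks from running while the findings are reviewed.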

How do you plan to strengthen dependency and CI/CD protection?

#cybersecurity #supplychain #npm #DevSecOps