An escalating series of highly coordinated supply chain attacks has rocked the JavaScript ecosystem, targeting the widely used Node Package Manager (NPM) platform. Across multiple campaigns, threat actors have deployed hundreds of malicious packages to infiltrate software supply chains, compromise system integrity, and exfiltrate sensitive data from industrial and electronics firms. Among the most damaging of these is the newly uncovered malware campaign known as “Shai-Hulud,” alongside other tactics involving phishing, automated malware injection, and nation-state espionage.
Industrial and Software Supply Chains are Being Targeted Through NPM
Researchers have uncovered over 175 malicious NPM packages used in an automated phishing campaign directed at more than 135 industrial and electronics firms. The campaign reflects a disturbing shift toward targeting operational technology (OT) environments and critical industrial infrastructure via developer ecosystems. These attacks employed deceptive emails and fake support contacts to manipulate package maintainers and compromise widely trusted packages.
Targeted Phishing Against High-Profile Packages Breaches Supply Chain Defenses
A particularly severe incident occurred on September 8, 2025, when attackers successfully phished the maintainer of the prolific JavaScript library ‘chalk’. Within just 16 minutes, attackers injected cryptocurrency-draining malware into at least 18 trusted packages. These packages collectively receive over two billion weekly downloads, amplifying their reach across the software landscape. The embedded malware utilized advanced evasion techniques to:
- Intercept and tamper with cryptocurrency wallet transactions
- Modify application behavior without detection
- Hide its presence from developers and end users
Although financial losses were relatively low—limited to around $500 in stolen cryptocurrency—the attack laid bare systemic vulnerabilities in how packages are trusted and updated in open-source ecosystems.
“Shai-Hulud” Campaign Signals Largest Known NPM Infection
The campaign codenamed “Shai-Hulud” has emerged as the most extensive supply chain attack on the NPM platform to date. First uncovered by Koi Security, the malware infected hundreds of JavaScript packages, including prominent ones like `@ctrl/tinycolor` and those developed by security vendor CrowdStrike.
This malware campaign is unique in its worm-like propagation strategy. It extracts secrets from compromised project files using embedded scripts and redeploys itself persistently through:
- Obfuscated JavaScript injected into `bundle.js`, auto-executed on install
- Integration of TruffleHog, a legitimate secret scanner, to locate and exfiltrate credentials
- Creation of hidden GitHub Actions workflows to maintain long-term backdoor access
Compared to earlier campaigns focused on cryptocurrency theft, Shai-Hulud exhibits a stronger emphasis on persistence, developer environment compromise, and CI/CD pipeline exploitation—signaling a shift toward broader sabotage tactics.
Full Automation and Nation-State Actors Are Raising the Stakes
Automation Enables Scalable, Hard-to-Detect Attacks
Checkmarx researchers disclosed that threat group RED-LILI has fully automated supply chain abuse. The attackers created hundreds of malicious NPM packages while automating the process of account registration—one disposable NPM account per infected package—to avoid detection. Traditional dependency confusion attacks were complemented by automated creation and deployment tactics, making timely remediation much more difficult.
State-Sponsored Campaigns Hide Malware in Phony Job Offers
Notably, North Korean threat actors have also infiltrated the NPM repository by distributing malware-infected packages through fake recruitment campaigns. Using platforms such as LinkedIn and Telegram, attackers lure software developers into downloading NPM packages under the guise of job application assignments. This broader campaign, dubbed “Contagious Interview,” has included:
- Use of malware variants like BeaverTail and HexEval
- Over 17,000 reported downloads of compromised developer tools
- Intent to steal proprietary code, engineer backdoors, or extract cryptocurrency
AI Tools are Weaponized in Emerging Breaches
An associated attack on the open-source build platform Nx highlighted not just the theft of publishing tokens, GitHub credentials, and SSH keys, but also the use of generative AI tools like Claude and Gemini for automated reconnaissance and code review. This marks one of the first documented uses of AI assistants to enhance the effectiveness of software supply chain attacks.
Malicious NPM Packages Contain Backdoors, Infostealers, and Surveillance Code
Developers relying on NPM packages encounter significant risk due to wide-reaching, malicious dependencies. Some of the tactics observed in recent campaigns include:
- WebSocket-based backdoors enabling remote code execution after install
- Infostealers like Scavanger, which harvest browser-stored data, internal IPs, and DNS info
- Scripts that bypass sandboxing via host and reverse DNS name resolution
- Typosquatting packages closely mimicking legitimate ones to infiltrate CI/CD environments
In total, more than 400 affected NPM packages have been identified across attacks over the last several months.
Recommendations to Secure Development Pipelines
Given the scale and persistence of these attacks, organizations and developers must act immediately to audit and fortify their supply chain and development environments. Security firms recommend:
- Rotating all exposed and potentially compromised credentials, including NPM and GitHub tokens
- Performing detailed audits of NPM dependencies, including transitive dependencies
- Enabling two-factor authentication wherever possible—even if not enforced by registries as a publishing requirement
- Monitoring CI/CD pipelines for unauthorized GitHub Actions
- Leveraging static analysis and anomaly detection to flag unexpected bundle scripts and post-install behaviors
The series of incidents targeting the NPM ecosystem exemplifies a broader evolution in software supply chain threats. With adversaries leveraging automation, social engineering, and artificial intelligence, and explicitly targeting OT and critical infrastructure domains, the nature of the threat has shifted from isolated compromise to systemic risk. Developers and enterprises alike must treat every dependency as a potential attack vector—and adjust their security postures accordingly.
