A new software supply chain attack campaign, dubbed Sha1-Hulud, has recently infected hundreds of npm packages. The attack has impacted over 27,000 repositories and roughly 350 unique users. The malware hijacks the pre-install phase of software dependencies and then executes a series of advanced workflows targeting sensitive information such as npm tokens and cloud platform credentials. Security researchers from the private sector, academia, and government have together alerted stakeholders to the rapid increase in software supply chain attacks. These organizations are Aikido, HelixGuard, JFrog, Koi Security, ReversingLabs, SafeDep, Socket, StepSecurity and Wiz.
Sha1-Hulud operated between November 21 and 23, 2025, when the victim of the attack uploaded the malicious npm packages. To run itself automatically, the malware abuses the pre-install phase, which is an enormous risk for any organization that relies on automated build servers. The latest attack affects widely used packages relied on by many enterprises, such as Zapier and Postman, and it makes cross-victim exfiltration possible.
Mechanisms of Attack
Sha1-Hulud operates through two separate workflows. These workflows allow it to register a previously compromised machine as a self-hosted runner named “SHA1HULUD.” This registration gives the malware a firmer hold on the infected system. Once the runner is created, the malware downloads and runs TruffleHog, an open-source secret-scanning tool, to scan the machine locally for sensitive information.
This malware is especially nefarious because it is able to gain root privileges on Linux machines. Specifically, it runs a Docker command that mounts the host’s entire root filesystem into a privileged container, which opens up access to vital system components. To further entrench itself on the device, Sha1-Hulud writes a malicious sudoers file that grants the compromised user passwordless root access.
“The Sha1-Hulud 2.0 campaign represents a critical and highly aggressive escalation in software supply chain attacks, moving beyond its predecessor’s methods by changing the point of infection.” – Justin Moore, senior manager of Threat Intel Research at Palo Alto Networks Unit 42
Data Exfiltration Techniques
Sha1-Hulud employs advanced methods for data exfiltration. It wraps the stolen information in at least three layers of Base64 encoding before sending it to external servers. This layering helps it evade security systems that monitor outgoing traffic for suspicious content.
In addition to the secrets typically found in .env files, the malware collects other sensitive information, such as environment variables and cloud credentials for AWS, GCP, and Azure. With these tokens and credentials, attackers can take over valuable accounts and resources.
“By targeting the pre-install phase of software dependencies, the malware achieves two significant breakthroughs: it completely eliminates the need for human interaction and effectively bypasses static scanning tools.” – Justin Moore, senior manager of Threat Intel Research at Palo Alto Networks Unit 42
Catastrophic Consequences
Beyond credential theft, Sha1-Hulud carries a fail-safe that is engineered to compound its effects. If the malware is unable to exfiltrate any data or to set up a channel through which to exfiltrate it, it triggers a backup payload that attempts to delete the victim’s entire home directory. This shift from espionage to data destruction marks a major increase in the danger inherent in these kinds of attacks.
“In other words, if Sha1-Hulud is unable to steal credentials or obtain tokens, it defaults to catastrophic data destruction.” – Yuval Ronen and Idan Dardikman
Security researchers note that this campaign continues an unfortunate trend of npm supply-chain compromises. More insidiously, it adds variants that run malicious code at the preinstall stage. This evolution raises the prospect of greater exposure in both build and runtime environments.
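Because the infection vector described above and in the opening section is the install-time lifecycle hook, a defender's first check is to find out which installed packages declare one. The following Python script is an added example (not code from the article or from any of the research teams it cites) that audits a node_modules tree for such hooks; the manifests and package names in it are constructed for illustration.

```python
import json
import os

# npm runs these hooks automatically during `npm install`; a script in any of
# them executes on the build server with no human interaction.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def audit_manifest(text, fallback_name="<unnamed>"):
    """Return (package, hook, command) for every install-time hook in one package.json."""
    try:
        manifest = json.loads(text)
    except json.JSONDecodeError:
        return []  # not a valid manifest, so npm would not run anything from it
    scripts = manifest.get("scripts") or {}
    if not isinstance(scripts, dict):
        return []
    name = manifest.get("name", fallback_name)
    return [(name, hook, scripts[hook]) for hook in INSTALL_HOOKS if scripts.get(hook)]


def audit_node_modules(root):
    """Walk a node_modules tree and collect install-time hooks from every package.json."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if "package.json" in filenames:
            with open(os.path.join(dirpath, "package.json"), encoding="utf-8") as fh:
                findings.extend(audit_manifest(fh.read(), dirpath))
    return findings


# Constructed sample manifests (hypothetical package names, not real npm packages).
SUSPECT_MANIFEST = json.dumps({
    "name": "example-widget",
    "version": "1.2.3",
    "scripts": {"preinstall": "node setup.js", "test": "jest"},
})
CLEAN_MANIFEST = json.dumps({
    "name": "example-utils",
    "version": "0.1.0",
    "scripts": {"build": "tsc", "test": "jest"},
})

if __name__ == "__main__":
    for pkg, hook, cmd in audit_manifest(SUSPECT_MANIFEST):
        print(f"install-time hook in {pkg}: {hook} -> {cmd!r}")
```

Running `audit_node_modules("node_modules")` after a fresh install gives a review list for a build server; setting `npm config set ignore-scripts true` there disables these hooks outright, at the cost of breaking packages that legitimately need them.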
“This makes the malware self-healing – if a victim deletes previous malicious repositories, the attacker can re-seed victims through GitHub search.” – Socket Research Team