Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub
theregister.co.uk
Notorious malware crew TeamPCP appears to have open-sourced its Shai-Hulud worm.
Security outfit Ox on Tuesday spotted a pair of repos on GitHub, both of which contain the following text:
Shai-Hulud: Open Sourcing The Carnage
Is it vibe coded? Yes. Does it work? Let results speak.
Change keys and C2 as needed. Love - TeamPCP
The Register checked out the repos a few hours before publishing this story and at the time one listed a single fork, and the other mentioned 31. At the time of writing, those numbers have grown to five and 39.
That growth accords with Ox’s assertion that “independent threat actors have already begun modifying it and expanding its reach.”
Ox’s analysts looked at the source code in the repos and believe it displays “the same patterns from previous Shai-Hulud attacks are immediately recognizable, as expected. This includes uploading stolen credentials to a new GitHub ...
Copyright of this story solely belongs to theregister.co.uk.

