New Shai-hulud Worm Infecting npm Packages With Millions of Downloads
hackread.com
ReversingLabs discovers “Shai-hulud,” a self-replicating computer worm on the npm open-source registry. Learn how the malware steals developer secrets, exposes private code, and spreads through popular packages like ngx-bootstrap and @ctrl/tinycolor.
A new and dangerous self-replicating computer worm, named Shai-hulud, has been discovered on the Node Package Manager (npm) open-source registry (a huge library where developers share and use pieces of JavaScript code).
Security firm ReversingLabs (RL), which shared its findings with Hackread.com, identified the worm on September 15, claiming that this is the first time a worm of this kind has been found on the platform. The name Shai-hulud comes from the malicious code’s own repository and is a nod to the giant sandworms from the popular sci-fi series “Dune.”

Shai-hulud spreads by taking over a developer’s npm account and secretly adding harmful code to their public and private ...
Copyright of this story solely belongs to hackread.com.