CrowdStrike npm Packages Hit by Supply Chain Attack

A new supply chain attack has compromised multiple npm packages maintained by the crowdstrike-publisher account, marking a worrying continuation of the so-called “Shai-Halud attack.”

Developers and organizations using these packages should take immediate action to safeguard credentials and prevent unauthorized code execution.

The Shai-Halud attack first drew attention when it infiltrated tinycolor and over 40 other npm libraries.

In each case, threat actors injected a malicious bundle.js script that executes covert tasks once installed.

The latest incident mirrors the earlier compromises: a malicious payload downloads and runs TruffleHog, a legitimate tool designed to scan for secrets, and then uses it to scour the host system for tokens, API keys, and cloud credentials.

After collecting valid developer and continuous integration secrets, the malware creates unauthorized GitHub Actions workflows in affected repositories.

Finally, it ...