Researchers Spot New Shai Hulud Variant

Variant Likely in Beta Stage, Aikido Researcher Said Akshaya Asokan (asokan_akshaya) • December 29, 2025

Hackers behind the Shai Hulud malicious npm JavaScript campaign are likely testing a new variant of the malware.

See Also: Merging Without Mayhem: PAM Strategies that Work

Security researchers at Aikido on Sunday uncovered an apparently new Shai Hulud variant, uploaded to npm through a GitHub repository called @vietmoney/react-big-calendar. Shai Hulud is the moniker for a campaign of self-propagating attacks on the npm JavaScript repository by hackers who apparently took inspiration from the giant worms -necessary for spice production on the desert planet Arrakis in sci-fi series Dune. Attackers named GitHub repositories receiving stolen data "Shai Hulud," after an in-universe term for the giant worms.

"There does not seem to be any major spread or infections," Aikido researcher Charlie Eriksen said about the latest variant. "This suggests we may have caught the ...