Source: FlixPix via Alamy Stock Photo
A self-replicating malware is worming its way into open source software components.
The malware's name is "Shai-hulud," presumably taking its name from the Dune sandworms, and it's particularly notable in that it has spread across hundreds of open source software packages, stealing credentials and infecting other components without much direct attacker input. The worm seemingly emerged somewhat recently, as ReversingLabs said in an analysis that it first detected Shai-hulud on Sept. 15.
The campaign shares similarities with an attack that occurred earlier this month, when prolific developer Qix had its node packet manager (NPM) account hacked; threat actors then poisoned versions of 18 popular applications Qix maintained, accounting for more than 2 billion weekly downloads, with crypto-stealing malware. The malware was effective for a short time and the attack by most accounts fizzled quickly.
It is unclear whether this campaign will meet a similar fate, but early signs are concerning.
Shai-hulud's Replication Scheme
Shai-hulud is an info-stealing malware that infects components, uses the access to publish poisoned versions, and then harvests NPM accounts of those affected by the malware downstream.
As ReversingLabs said in its analysis, the worm begins its journey inside of a compromised component. When that component is used in development of a software package and that poisoned software is downloaded by an unsuspecting user, the worm activates and runs an infostealer that targets secrets, tokens, credentials, and more inside the user's environment. The worm uses that access to get into the victim's NPM account and install itself in the projects the user maintains.
Related:'Lies-in-the-Loop' Attack Defeats AI Coding Agents
"After an NPM developer account is compromised, the worm looks for other packages the developer maintains. It then creates a new version of each of those packages by injecting itself into them," Karlo Zanki, research author and ReversingLabs reverse engineer, wrote. "Each newly created package is modified with a postinstall action that will execute the malicious bundle.js when an unsuspecting user downloads the compromised package. This is repeated in perpetuity as the worm finds new developers to infect, and then uses them to spread even further."
Those poisoned software packages are then used in development of other software packages, and the cycle continues. Along the way, although the malware primarily targets NPM, GitHub, AWS, and GCP tokens, the worm installs open source secret-finding tool Trufflehog into compromised environments.
Related:'K2 Think' AI Model Jailbroken Mere Hours After Release
Shai-hulud will also take private repositories and attempt to create a public copy. Zanki wrote that "this is likely an attempt to gain access to secrets hardcoded in those repositories, and possibly to steal the source code they contain." This source code can then be used to find potential vulnerabilities.
ReversingLabs said the most likely "patient zero" at this time is a package known as "rxnt-authentication." Though the company isn't sure how the package was compromised, Zanki suggested that a social engineering attack could be a possible cause given how Qix and other developers were breached in similar attacks recently.
In an analysis of its own, Wiz assessed that Shai-hulud was tied to the recent Nx/S1ngularity supply chain attack, "where initial GitHub token theft enabled the broader chain of compromise and leaking of formerly private repositories."
"The initial NPM packages that started this chain reaction included multiple known-compromised victims of the s1ngularity attack," Wiz said.
Shai-hulud Scope and Mitigation
ReversingLabs said that although it is difficult to determine who will get compromised next, the worm's campaign has claimed hundreds of NPM packages. Based on how the repository migration functionality works, the vendor was able to find approximately 700 likely affected repos based on a search.
Related:EoP Flaws Again Lead Microsoft Patch Tuesday
And given how widely many open source components are used, many different parties are affected.
"Among those are tech company founders and CTOs; companies providing software development services; developers working for nonprofit organizations; tech leads in companies building gambling hardware and software and creating office development suites; developers in AI-first companies; security vendors — including a leading endpoint detection and response (EDR) vendor; student developers; and others that rely on NPM each day to build software," Zanki wrote.
Developers who want to check if they're affected can do so, ReversingLabs said, by going to their NPM user account activity page, looking for new repositories that have "Shai-Hulud Migration" in their description, and searching for newly created branches named "shai-hulud."
ReversingLabs chief software architect Tomislav Peričin tells Dark Reading that the Shai-hulud campaign is more dangerous than what happened with Qix because there's no way to tell how the leaked secrets may get abused, and no way to tell what the attackers will do next.
"Intent isn't as clear with this software supply chain attack. Since the goal is to get access to as many secrets as possible, it is likely that the attackers are reviewing the access they've just gotten to plan their next move," Pericin says. "With everyone being focused on this attack, and it being noisy, exposed secrets are likely going to be rotated quickly."
Asked about mitigation efforts, he says, "If the security community moves quickly we can corner the worm, so to speak. It is slowing down and there's a chance that prompt take-downs will break the propagation cycle."