Threat actors behind the virulent Shai-Hulud worm that wreaked havoc in open npm repositories toward the end of 2025 apparently are trying out a new strain that comes with slight modifications.
Security researchers with Aikido Security, who have been tracking Shai-Hulud for months, wrote in a report updated January 2 that there does not appear to be an outbreak of infections from the latest strain, which was found in an npm package that has since been removed.
The fact that there isn’t a major spread of the strain “suggests we may have caught the attackers testing their payload,” Aikido malware researcher Charlie Eriksen wrote. “The differences in the code suggest that this was obfuscated again from original source, not modified in place. This makes it highly unlikely to be a copy-cat, but was made by somebody who had access to the original source code for the worm.”
The npm package that includes the new Shai-Hulud strain reportedly was initially uploaded in March 2021 by a user dubbed “huquocdat,” though it wasn’t updated until December 28, 2025.
Stealing Secrets
The rapidly propagating worm emerged in September 2025 and quickly spread, creating tens of thousands of malicious repositories, affecting hundreds of GitHub users and compromising hundreds of packages. The malware is used to steal sensitive credentials, including API tokens, SSH keys, cloud access keys, and environment secrets – securely encrypted values that function as environment variables within workflows.
The stolen data is then exfiltrated to GitHub repositories controlled by the attackers.
Another version of Shai-Hulud – which arose in November 2025 and was described in its repositories as “Sha1-Hulud: The Second Coming” – included the same features found in the first iteration, but also added new capabilities that made it harder to detect and faster to replicate, making it more dangerous.
Ashish Kurmi, co-founder and CTO of Step Security, wrote in November of the “malicious code that steals and publicly exposes developer credentials, marking one of the most significant supply chain incidents of recent months. The ‘Sha1-Hulud: The Second Coming’ attack demonstrates that supply chain security remains one of the most critical challenges facing the software development ecosystem.”
Cybersecurity firm Wiz said as much as 27% of cloud and code environments were affected by the second coming of Shai-Hulud.
Changes in Latest Payload
According to Aikido’s Eriksen, changes in the new Shai-Hulud strain include an initial file now called “bun_installer.js” and a main payload called “environment_source.js.”
There is also a new GitHub repository description – “Goldox-T3chs: Only Happy Girl” – when the malware leaks data to GitHub, he wrote.
In addition, the new names of the files containing the leaked data include “3nvir0nm3nt.json,” “cl0vd.json,” “c9nt3nts.json,” “pigS3cr3ts.json,” and “actionsSecrets.json.”
The malware also does a better job of handling errors when TruffleHog – a scanning tool that digs into code repositories to find secrets, passwords, and sensitive keys – times out, and it now publishes packages in a version-dependent way.
“In the previous version, it tried to call bun to publish a package it had infected, which does not work on Windows,” Eriksen wrote. “It now handles that.”
‘Dead Man Switch’ is Gone
He added that “there’s a subtle, but important difference in the order of which data is collected and saved, which suggests an intentional change. … In the old version, it saved the ‘contents’ file first. Now it saves it last.”
There is good news, Eriksen wrote. In the iteration released in November, the malware included a “dead man switch” that tried to wipe the data from the user’s home directory if the data exfiltration failed. In the version found by Aikido, that dead man switch “appears to be gone,” he wrote.
The researchers also noticed a bug that the threat actors introduced into their own code. Among the file names, in the first case the malware tries to fetch the file “c0nt3nts.json,” but it actually saves the file as “c9nt3nts.json.”
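The file names and repository description quoted above are usable as indicators. The following is an added example, not code from the article or from Aikido, of a small defensive sweep over a checked-out project or a cloned repository: it flags files whose names match the reported payload and leak-file names (both the “c0nt3nts.json” name the code tries to fetch and the “c9nt3nts.json” name it actually saves), checks whether a `package.json` lifecycle hook invokes one of the payload files (an assumption of this example; the article does not say how the initial file is launched), and compares a repository description against the reported string. Function names and the directory layout are this example's own.

```python
import json
import os
from pathlib import PurePath

# File names reported by Aikido for the new strain, as quoted in the article above.
PAYLOAD_FILE_NAMES = {"bun_installer.js", "environment_source.js"}
LEAK_FILE_NAMES = {
    "3nvir0nm3nt.json",
    "cl0vd.json",
    "c9nt3nts.json",
    "pigS3cr3ts.json",
    "actionsSecrets.json",
    "c0nt3nts.json",  # the name the code tries to fetch; it saves as c9nt3nts.json
}
# Repository description reported for the repositories that receive leaked data.
LEAK_REPO_DESCRIPTION = "Goldox-T3chs: Only Happy Girl"

# npm lifecycle hooks that run automatically on install (assumption: this is where
# an initial file such as bun_installer.js would be wired in; the article does not say).
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def match_paths(paths):
    """Return (path, category) for every path whose base name is a known indicator."""
    hits = []
    for p in paths:
        name = PurePath(p).name
        if name in PAYLOAD_FILE_NAMES:
            hits.append((p, "payload-file"))
        elif name in LEAK_FILE_NAMES:
            hits.append((p, "leak-file"))
    return hits


def suspicious_hooks(package_json_text):
    """Return (hook, command) pairs whose command references a known payload file name."""
    try:
        pkg = json.loads(package_json_text)
    except json.JSONDecodeError:
        return []  # not valid JSON; nothing to inspect
    scripts = pkg.get("scripts") or {}
    found = []
    for hook in LIFECYCLE_HOOKS:
        cmd = scripts.get(hook)
        if isinstance(cmd, str) and any(n in cmd for n in PAYLOAD_FILE_NAMES):
            found.append((hook, cmd))
    return found


def is_leak_repo_description(description):
    """True when a repository description matches the reported exfiltration marker."""
    return description.strip() == LEAK_REPO_DESCRIPTION


def scan_tree(root):
    """Walk a directory and report indicator file names plus suspicious lifecycle hooks."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        findings.extend(match_paths(os.path.join(dirpath, f) for f in filenames))
        if "package.json" in filenames:
            pj = os.path.join(dirpath, "package.json")
            with open(pj, encoding="utf-8", errors="replace") as fh:
                for hook, cmd in suspicious_hooks(fh.read()):
                    findings.append((pj, f"lifecycle-hook:{hook}={cmd}"))
    return findings


if __name__ == "__main__":
    import sys

    for path, what in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{what}\t{path}")
```

Run it against a project root (or a `node_modules` tree) and treat any `payload-file` or `lifecycle-hook` finding as grounds to quarantine the package and rotate the credentials that were reachable from that machine; a `leak-file` hit in one of your own repositories means data has already been written there. Name matching is deliberately exact, since the reported names use leetspeak substitutions that a looser match would miss or over-match.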