A malware campaign dubbed 'Shai-Hulud' is infecting software supply chains, targeting the popular package repositories npm and PyPI. Researchers have linked roughly 320 package entries to the campaign, collectively accounting for over 518 million monthly downloads.

Earlier this month, Microsoft Threat Intelligence disclosed that attackers inserted malicious code into a Mistral AI software package on PyPI. The malware downloaded a file disguised as Hugging Face's Transformers library to blend into machine-learning environments. Mistral stated that an affected developer device was involved, but its infrastructure was not compromised.

Two days later, OpenAI confirmed that the same malware infected two employee devices, granting attackers access to limited internal code repositories. No customer data, production systems, or intellectual property were compromised.

Shai-Hulud, named after the sandworms in Frank Herbert's 'Dune,' was traced back to September 2025 and attributed to a cybercriminal group known as TeamPCP. The campaign gained attention after a major attack on TanStack, a widely used open-source JavaScript framework. The malware poisons build caches, making malicious code appear legitimate through valid signatures from trusted sources.

On Sunday, OX Security reported that new malicious packages mimicking Shai-Hulud are stealing cloud and crypto wallet credentials, SSH keys, and environment variables, while some variants turn infected machines into DDoS botnets. The copied code shows minimal obfuscation, indicating different actors.
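For teams responding to reports like these, the first practical step is to check whether any of the package versions researchers have linked to the campaign appear in their own dependency lockfiles. The script below is an added example, not code from the article or from any of the vendors named in it: it walks an npm `package-lock.json` (lockfile versions 1, 2 and 3) and a pip `requirements.txt`, and matches each pinned package against an indicator list. The indicator list, package names and versions here are constructed placeholders; substitute the published list of affected package entries.

```python
"""Audit npm and PyPI lockfiles against a list of known-compromised package versions.

Added example (not from the original article). COMPROMISED is a CONSTRUCTED
placeholder indicator list; replace it with the published list of affected
package entries before using this on a real project.
"""
import json
import re

# Placeholder indicator list: {ecosystem: {package_name: {affected versions}}}.
# Names and versions are CONSTRUCTED for illustration only.
COMPROMISED = {
    "npm": {"example-widget": {"1.4.2", "1.4.3"}},
    "pypi": {"example-ml-helper": {"0.9.1"}},
}


def npm_lock_packages(lock_text):
    """Yield (name, version) for every package in a package-lock.json."""
    lock = json.loads(lock_text)
    pkgs = lock.get("packages")
    if pkgs is not None:
        # lockfileVersion 2/3: flat map keyed by install path, e.g.
        # "node_modules/a/node_modules/@scope/b"; "" is the root project.
        for path, meta in pkgs.items():
            if not path or "version" not in meta:
                continue
            name = meta.get("name") or path.split("node_modules/")[-1]
            yield name, meta["version"]
    else:
        # lockfileVersion 1: nested "dependencies" tree, walked iteratively.
        stack = [lock.get("dependencies", {})]
        while stack:
            for name, meta in stack.pop().items():
                if "version" in meta:
                    yield name, meta["version"]
                if "dependencies" in meta:
                    stack.append(meta["dependencies"])


# Matches exact pins such as "Foo_Bar==1.2.3", tolerating trailing markers/comments.
_PIN = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;#]+)")


def pip_requirements(req_text):
    """Yield (normalized_name, version) for exact pins in a requirements file."""
    for line in req_text.splitlines():
        m = _PIN.match(line)
        if m:
            # PEP 503 name normalization: lowercase, runs of [-_.] become "-".
            name = re.sub(r"[-_.]+", "-", m.group(1)).lower()
            yield name, m.group(2)


def find_compromised(npm_lock_text=None, req_text=None, iocs=COMPROMISED):
    """Return a sorted list of (ecosystem, name, version) indicator hits."""
    hits = set()
    if npm_lock_text:
        for name, ver in npm_lock_packages(npm_lock_text):
            if ver in iocs["npm"].get(name, ()):
                hits.add(("npm", name, ver))
    if req_text:
        for name, ver in pip_requirements(req_text):
            if ver in iocs["pypi"].get(name, ()):
                hits.add(("pypi", name, ver))
    return sorted(hits)


# Constructed sample inputs: a v3 lockfile with a nested (unaffected) copy of
# the same package, a v1 lockfile, and a requirements file with odd casing.
SAMPLE_LOCK_V3 = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "my-app"},
        "node_modules/example-widget": {"version": "1.4.2"},
        "node_modules/left-pad-ish": {"version": "2.0.0"},
        "node_modules/left-pad-ish/node_modules/example-widget": {"version": "1.0.0"},
    },
})
SAMPLE_LOCK_V1 = json.dumps({
    "lockfileVersion": 1,
    "dependencies": {
        "a": {"version": "1.0.0",
              "dependencies": {"example-widget": {"version": "1.4.3"}}},
    },
})
SAMPLE_REQS = "requests==2.31.0\nExample_ML.Helper==0.9.1  # pinned\n-e .\n"

if __name__ == "__main__":
    for hit in find_compromised(SAMPLE_LOCK_V3, SAMPLE_REQS):
        print("COMPROMISED:", *hit)
```

Only exact pins are matched; a requirements file with ranges or an npm project without a lockfile should be resolved first (for example with `pip freeze` or `npm install --package-lock-only`) so that the versions actually installed are the ones checked. Matching on normalized PyPI names matters because a requirements file may spell a package differently from the indicator list.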

On Tuesday, GitHub confirmed investigating unauthorized access to its internal repositories after TeamPCP claimed to have stolen roughly 4,000 private repos, offering them for at least $50,000 on a cybercrime forum.