GitHub Actions Exploited by Shai Hulud v2 to Steal Secrets

The software supply chain faces a new and sophisticated threat: Shai Hulud v2, a malware campaign that has already compromised 834 packages across the npm and Maven ecosystems. By targeting GitHub Actions workflows, this campaign demonstrates the evolving dangers of supply chain attacks on CI/CD pipelines.

How Shai Hulud v2 Works

Shai Hulud v2 specifically abuses pull_request_target triggers in GitHub Actions, allowing attackers to inject malicious code into widely used libraries. Major projects impacted include PostHog, Zapier, and AsyncAPI, highlighting the broad reach of this campaign.

The malware employs a two-stage loader, initiated by an npm preinstall script named setupbun.js, which installs the Bun runtime and uses it to execute an obfuscated payload, bunenvironment.js. By suppressing its standard output in build logs, it avoids detection while running inside CI pipelines.

Once inside a CI environment, the malware gains privileged access to repository secrets, enabling it to:

  • Modify source code
  • Increment patch versions
  • Republish infected packages to public registries

Persistence and Stealth Mechanisms

Socket.dev analysts observed that Shai Hulud v2 uses a unique beacon phrase, “Sha1-Hulud The Second Coming,” to search GitHub for vulnerable repositories, ensuring the malware can re-infect even cleaned repositories.

This persistent design allows attackers to maintain long-term access to sensitive credentials from tens of thousands of repositories.

Credential Harvesting and Infrastructure Exploitation

Shai Hulud v2 aggressively targets environment variables, specifically:

  • GITHUB_TOKEN
  • NPM_TOKEN
  • AWS_ACCESS_KEY_ID

It also deploys TruffleHog to scan local filesystems for embedded secrets. Beyond GitHub, the malware enumerates cloud infrastructure across AWS, Google Cloud, and Azure, exfiltrating secrets to randomly generated GitHub repositories within victim accounts.

For Linux runners, it attempts privilege escalation via sudoers modifications or docker run --privileged commands. If no valid credentials are found, the malware activates a destructive wiper function, deleting all files.

Impact and Implications

The Shai Hulud v2 campaign represents a dangerous evolution of automated supply chain attacks, highlighting vulnerabilities in CI/CD pipelines and the critical importance of securing GitHub Actions workflows. Organizations must:

  • Audit and rotate secrets regularly
  • Limit access tokens in workflows
  • Implement CI/CD security monitoring and automated scanning
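As an added defender-side example (not code from the article, Socket.dev, or any affected project), the following Python triage script covers the pull_request_target abuse and the preinstall loader described earlier, and the automated-scanning recommendation above: it flags workflow files that check out the untrusted PR head, or grant write permissions, while running on pull_request_target, and npm lifecycle hooks in package.json that reference the loader files. The workflow text and package.json are constructed samples, and the matching is plain-text regex, a heuristic rather than a YAML-aware policy engine.

```python
import json
import re

# pull_request_target runs with the base repository's secrets; checking out the PR head there lets untrusted code use them.
PRT_TRIGGER = re.compile(r"\bpull_request_target\b")
HEAD_CHECKOUT = re.compile(r"github\.event\.pull_request\.head\.(sha|ref)")
WRITE_PERMS = re.compile(r"^\s*(permissions:\s*write-all|contents:\s*write)\s*$", re.M)
# Loader indicators from the article: a preinstall hook that installs Bun and runs setupbun.js / bunenvironment.js.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall")
LOADER_PATTERN = re.compile(r"setup_?bun\.js|bun_?environment\.js|bun\.sh|\bbun\s+install", re.I)


def scan_workflow(text: str) -> list[str]:
    """Plain-text triage of one workflow file; returns a list of findings (empty when clean)."""
    findings = []
    if PRT_TRIGGER.search(text):
        findings.append("uses pull_request_target")
        if HEAD_CHECKOUT.search(text):
            findings.append("checks out untrusted PR head under pull_request_target")
        if WRITE_PERMS.search(text):
            findings.append("grants write permissions to the job")
    return findings


def scan_package(pkg_json: str) -> list[str]:
    """Return 'hook: command' for npm lifecycle scripts that match the loader indicators."""
    scripts = json.loads(pkg_json).get("scripts", {})
    return [f"{hook}: {cmd}" for hook, cmd in scripts.items()
            if hook in LIFECYCLE_HOOKS and LOADER_PATTERN.search(cmd)]


# Constructed samples, not real project files: the risky workflow shape the article describes, and a hardened variant.
VULNERABLE_WORKFLOW = """\
on:
  pull_request_target:
permissions:
  contents: write
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm ci && npm test
"""
SAFER_WORKFLOW = (VULNERABLE_WORKFLOW.replace("pull_request_target", "pull_request")
                  .replace("contents: write", "contents: read")
                  .replace("        with:\n          ref: ${{ github.event.pull_request.head.sha }}\n", "")
                  .replace("npm ci", "npm ci --ignore-scripts"))
SUSPICIOUS_PACKAGE = json.dumps({"name": "example-lib", "scripts": {"preinstall": "node setupbun.js", "test": "jest"}})
```

Run scan_workflow over every file under .github/workflows and scan_package over each package.json in a checkout; a non-empty result is a review item, not proof of compromise.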
