SlowMist Discovers High-Risk npm Worm 'Mini Shai-Hulud' Stealing CI/CD and Wallet Data

SlowMist has identified a high-risk npm worm named 'Mini Shai-Hulud' spreading through developer tooling in projects such as TanStack and UiPath. The worm uses stolen GitHub credentials to publish malicious packages containing a hidden script, router_init.js, which steals CI/CD keys, cloud infrastructure credentials, and wallet data. The script exfiltrates on-chain data via GitHub infrastructure. SlowMist has shared threat intelligence with clients and urged affected projects to scan for the script, rotate credentials, and monitor development environments for unusual activity.

ChainCatcher report: According to MistEye, a threat monitoring system under blockchain security firm SlowMist (@SlowMist_Team), a highly sophisticated npm worm named “Mini Shai-Hulud” is spreading through well-known developer projects such as TanStack, UiPath, and DraftLab. Attackers have compromised GitHub credentials and published malicious packages disguised as legitimate updates, embedding a hidden script, router_init.js, which silently executes in CI/CD environments like GitHub Actions. The script is designed to steal CI/CD secrets, cloud infrastructure credentials, and cryptocurrency wallet information, using GitHub’s own infrastructure to exfiltrate data. SlowMist has shared relevant threat intelligence (IOCs) with clients and recommends that projects using the affected packages immediately scan their CI/CD pipelines for the presence of router_init.js, rotate all exposed GitHub, cloud service, and cryptocurrency credentials, and continuously monitor development environments for anomalous background activity.
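One way to run the recommended scan over a checked-out project or CI workspace, as an added example that is not SlowMist's tooling or code from the affected projects. Only the file name router_init.js comes from the report; the check of npm install-time hooks and the sample directory layout are assumptions made for illustration.

```python
import json
import os
import tempfile

INDICATOR = "router_init.js"  # script name reported in the article
# Assumption (not from the article): install-time hooks are a likely trigger point.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def check_manifest(path):
    """Return reasons a package.json looks suspicious (empty list if none)."""
    try:
        with open(path, encoding="utf-8") as fh:
            manifest = json.load(fh)
    except (OSError, ValueError):
        return ["unreadable package.json, inspect manually"]
    scripts = manifest.get("scripts") if isinstance(manifest, dict) else None
    if not isinstance(scripts, dict):
        return []
    return [f"{hook} script references {INDICATOR}" for hook in LIFECYCLE_HOOKS
            if INDICATOR in str(scripts.get(hook, "")).lower()]


def scan_tree(root):
    """Walk root and return sorted (relative_path, reason) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if name.lower() == INDICATOR:
                findings.append((rel, "indicator file present"))
            elif name == "package.json":
                findings.extend((rel, why) for why in check_manifest(path))
    return sorted(findings)


def demo():  # scans a constructed tree: one clean package, one with the indicator
    with tempfile.TemporaryDirectory() as root:
        for pkg, hook in (("clean-pkg", "node build.js"), ("bad-pkg", "node router_init.js")):
            pkg_dir = os.path.join(root, "node_modules", pkg)
            os.makedirs(pkg_dir)
            with open(os.path.join(pkg_dir, "package.json"), "w") as fh:
                json.dump({"name": pkg, "scripts": {"postinstall": hook}}, fh)
        open(os.path.join(pkg_dir, INDICATOR), "w").close()  # pkg_dir is bad-pkg here
        return scan_tree(root)


if __name__ == "__main__":
    print(*(f"{rel}: {why}" for rel, why in demo()), sep="\n")
```

A file-name match is a triage signal to investigate, and a clean result does not show that credentials were never exposed, so the rotation and monitoring steps above still apply.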
