Dec 31, 2026 | Ravie Lakshmanan | Cybersecurity / Malware

Researchers Spot Modified Shai-Hulud Worm Testing Payload on npm Registry

Cybersecurity researchers have disclosed details of what appears to be a new strain of Shai-Hulud on the npm registry, with slight modifications from the previous wave observed last month.

The npm package that embeds the new Shai-Hulud strain is “@vietmoney/react-big-calendar,” which was uploaded to npm back in March 2021 by a user named “hoquocdat.” It was updated for the first time on December 28, 2025, to version 0.26.2. The package has been downloaded 698 times since its initial publication. The latest version has been downloaded 197 times.

Aikido, which spotted the package, said it has not observed any major spread or infections following the release of the package.

“This means we may have caught the attackers testing their payload,” security researcher Charlie Eriksen said. “The differences in the code suggest that this was obfuscated again from the original source, not modified in place. This makes it highly unlikely to be a copy-cat, but was made by someone who had access to the original source code for the worm.”

The Shai-Hulud attack first came to light in September 2025, when trojanized npm packages were found stealing sensitive data like API keys, cloud credentials, and npm and GitHub tokens, and exfiltrating them to GitHub repositories using the pilfered tokens. In the second wave observed in November 2025, the repositories carried the description “Sha1-Hulud: The Second Coming.”


But the most important aspect of the campaign is its ability to weaponize the stolen npm tokens to fetch the 100 other most-downloaded packages associated with the developer, introduce the same malicious changes, and push them to npm, thereby expanding the scale of the supply chain compromise in a worm-like manner.

The new strain comes with noticeable changes -

  • The initial file is now called “bun_installer.js” and the main payload is called “environment_source.js”
  • The GitHub repositories to which the secrets are leaked carry the description “Goldox-T3chs: Only Happy Girl.”
  • The names of the files that contain the secrets are: 3nvir0nm3nt.json, cl0vd.json, c9nt3nts.json, pigS3cr3ts.json, and actionsSecrets.json

Other notable changes include better error handling when TruffleHog’s credential scanner times out, improved operating-system-specific package publishing, and tweaks to the order in which data is collected and stored.
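The file names and the package coordinates above are the indicators a defender can act on. The following script, added here as an example and not part of the article or Aikido's tooling, walks a node_modules tree and flags the loader files, the secrets-dump files, and the known-bad package version; the fixture it scans is constructed in a temporary directory.

```python
import json
import os
import tempfile

# Indicators taken from the article's description of the new strain.
LOADER_FILES = {"bun_installer.js", "environment_source.js"}
SECRET_DUMP_FILES = {"3nvir0nm3nt.json", "cl0vd.json", "c9nt3nts.json",
                     "pigS3cr3ts.json", "actionsSecrets.json"}
KNOWN_BAD = {("@vietmoney/react-big-calendar", "0.26.2")}


def scan_node_modules(root):
    """Walk a directory tree and return findings as (kind, path) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name in LOADER_FILES:
                findings.append(("loader_file", os.path.join(dirpath, name)))
            elif name in SECRET_DUMP_FILES:
                findings.append(("secret_dump", os.path.join(dirpath, name)))
        if "package.json" in files:
            # Match on the exact name/version pair reported in the article.
            with open(os.path.join(dirpath, "package.json"), encoding="utf-8") as fh:
                try:
                    meta = json.load(fh)
                except ValueError:
                    continue  # unparsable manifest: not a match, keep walking
            if (meta.get("name"), meta.get("version")) in KNOWN_BAD:
                findings.append(("known_bad_package", dirpath))
    return findings


def build_sample_tree():
    """Constructed fixture: a fake node_modules holding the trojanized package."""
    root = tempfile.mkdtemp()
    pkg = os.path.join(root, "node_modules", "@vietmoney", "react-big-calendar")
    os.makedirs(pkg)
    with open(os.path.join(pkg, "package.json"), "w", encoding="utf-8") as fh:
        json.dump({"name": "@vietmoney/react-big-calendar", "version": "0.26.2"}, fh)
    for name in ("bun_installer.js", "environment_source.js", "index.js"):
        open(os.path.join(pkg, name), "w").close()
    return root


if __name__ == "__main__":
    for kind, path in scan_node_modules(build_sample_tree()):
        print(f"{kind}: {path}")
```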

Pretend Jackson JSON Maven Package deal Drops Cobalt Strike Beacon

The development comes as the supply chain security company said it identified a malicious package (“org.fasterxml.jackson.core/jackson-databind”) on Maven Central that poses as a legitimate Jackson JSON library extension (“com.fasterxml.jackson.core”), but contains a multi-stage attack chain that delivers platform-specific executables. The package has since been taken down.

Present within the Java Archive (JAR) file is heavily obfuscated code that kicks into action once an unsuspecting developer adds the malicious dependency to their “pom.xml” file.

“When the Spring Boot application starts, Spring scans for @Configuration classes and finds JacksonSpringAutoConfiguration,” Eriksen said. “The @ConditionalOnClass({ApplicationRunner.class}) check passes (ApplicationRunner is always present in Spring Boot), so Spring registers the class as a bean. The malware’s ApplicationRunner is invoked automatically after the application context loads. No explicit calls required.”

The malware then looks for a file named “.idea.pid” in the working directory. The choice of file name is intentional and is designed to blend in with IntelliJ IDEA project files. Should such a file exist, it is a signal to the malware that an instance of itself is already running, causing it to silently exit.

In the next step, the malware proceeds to check the operating system and contact an external server (“m.fasterxml[.]org:51211”) to fetch an encrypted response containing URLs to a payload to be downloaded based on the operating system. The payload is a Cobalt Strike beacon, a legitimate adversary simulation tool that can be abused for post-exploitation and command-and-control.


On Windows, it is configured to download and execute a file called “svchosts.exe” from “103.127.243[.]82:8000,” while a payload called “update” is downloaded from the same server for Apple macOS systems.

Further analysis has revealed that the typosquatted domain fasterxml[.]org was registered via GoDaddy on December 17, 2025, just a week before the malicious Maven package was detected.

“This attack exploited a specific blind spot: TLD-style prefix swaps in Java’s reverse-domain namespace convention,” Eriksen said. “The legitimate Jackson library uses com.fasterxml.jackson.core, while the malicious package used org.fasterxml.jackson.core.”

The problem, Aikido said, stems from Maven Central’s inability to detect copycat packages that use prefixes similar to those of their legitimate counterparts in order to deceive developers into downloading them. It has also recommended that package repository maintainers consider keeping a list of high-value namespaces and subjecting any package published under a similar-looking namespace to additional verification to ensure it is legitimate.
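The same high-value-namespace check can be applied on the consumer side before a build ever resolves the dependency. The script below is an added example, not the article's or Aikido's code: it parses a pom.xml, and flags any groupId that matches a protected namespace once the leading reverse-domain TLD label (com/org/net/...) is ignored, which is exactly the org./com. swap described above. The protected list holds only the namespace named in the article; the sample pom.xml and its version numbers are constructed.

```python
import xml.etree.ElementTree as ET

# Namespaces a repository or build pipeline chooses to protect (assumption:
# only the Jackson namespace from the article is listed here).
HIGH_VALUE_NAMESPACES = {"com.fasterxml.jackson.core"}
TLD_LABELS = {"com", "org", "net", "io", "dev"}
MAVEN_NS = "{http://maven.apache.org/POM/4.0.0}"


def lookalike_of(group_id, protected=HIGH_VALUE_NAMESPACES):
    """Return the protected namespace that group_id imitates, or None.

    A hit is a namespace identical to group_id after the leading TLD label is
    dropped (org.x.y vs com.x.y); an exact match is legitimate, not a hit."""
    if group_id in protected:
        return None
    parts = group_id.split(".")
    if len(parts) < 2 or parts[0] not in TLD_LABELS:
        return None
    for ns in protected:
        ns_parts = ns.split(".")
        if ns_parts[0] in TLD_LABELS and ns_parts[1:] == parts[1:]:
            return ns
    return None


def audit_pom(pom_xml):
    """Return (groupId, artifactId, imitated_namespace) for suspicious deps."""
    root = ET.fromstring(pom_xml)
    hits = []
    for dep in root.iter(MAVEN_NS + "dependency"):
        gid = dep.findtext(MAVEN_NS + "groupId", default="").strip()
        aid = dep.findtext(MAVEN_NS + "artifactId", default="").strip()
        target = lookalike_of(gid)
        if target:
            hits.append((gid, aid, target))
    return hits


# Constructed pom.xml: the genuine Jackson coordinates next to the copycat
# coordinates named in the article.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency><groupId>com.fasterxml.jackson.core</groupId>
      <artifactId>jackson-databind</artifactId><version>2.18.0</version></dependency>
    <dependency><groupId>org.fasterxml.jackson.core</groupId>
      <artifactId>jackson-databind</artifactId><version>1.0.0</version></dependency>
  </dependencies>
</project>"""

if __name__ == "__main__":
    for gid, aid, target in audit_pom(SAMPLE_POM):
        print(f"suspicious: {gid}:{aid} imitates {target}")
```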
