Shai-Hulud (Malware Family)

Shai-Hulud

A Javascript-based worm propagating through GitHub repositories and exfiltrating tokens and other credentials.

References

2026-06-08 ⋅ StepSecurity ⋅ Rohan Prabhu
The Hades Campaign: Graph ML PyPI Packages Deploy Cross-Platform Memory Scrapers, AI Analyst Misdirection, and a Wiper Deterrent
Shai-Hulud

2026-06-07 ⋅ Socket ⋅ Socket
Shai-Hulud Descends to Hades: Miasma Worm Campaign Spreads with New PyPI Wave
Shai-Hulud

2025-12-28 ⋅ Twitter (@CharlieEriksen) ⋅ Charlie Eriksen
Tweet about sightings of a new Shai Hulud version
Shai-Hulud

2025-12-02 ⋅ Zscaler ⋅ Atinderpal Singh
Shai-Hulud V2 Poses Risk To NPM Supply Chain
Shai-Hulud

2025-10-10 ⋅ ReversingLabs ⋅ Karlo Zanki
Shai-hulud npm attack: What you need to know
Shai-Hulud

2025-09-19 ⋅ Zscaler ⋅ Atinderpal Singh
Mitigating Risks from the Shai-Hulud NPM Worm
Shai-Hulud

2025-09-16 ⋅ Wiz.io ⋅ Barak Sharoni, Merav Bar, Rami McCarthy
Shai-Hulud: Ongoing Package Supply Chain Worm Delivering Data-Stealing Malware
Shai-Hulud

There is no Yara-Signature yet.

Shai-Hulud Propose Change

References

Shai-Hulud