A dangerous computer worm is spreading by hijacking automated GitHub workflows to distribute malicious software packages. It recently affected popular projects such as AntV and echarts-for-react, as well as Microsoft's durabletask SDK.
Key Takeaways:
- Mini Shai-Hulud exploited GitHub Actions on May 19, compromising 300+ npm packages across 16M weekly downloads.
- The malware installs a dead-man’s switch that wipes the developer’s machine if the stolen npm token is revoked.
- GitHub responded May 20 with staged publishing, bulk OIDC onboarding, and a plan to deprecate legacy npm tokens.
Mini Shai-Hulud Exploits GitHub Actions to Hit 16 Million Weekly Downloads
The Mini Shai-Hulud campaign, carried out by the Team PCP group, differs from typical supply chain attacks. Instead of directly stealing and using a developer's login credentials, the attacker forks a target's code repository on GitHub and submits a pull request that triggers a specific automated workflow, one that runs on the `pull_request_target` event.
That workflow run poisons the GitHub Actions cache with malicious pnpm package manager files. Packages built afterwards appear legitimate because they carry valid signatures and pass security checks, so typical security tools do not flag them.
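As an added defensive example (not code from the article or from any of the projects it names), here is a heuristic Python audit that flags the workflow shape this attack depends on: a `pull_request_target` trigger, a checkout of the contributor's own commit, and an install step that executes it. Both workflow samples are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample of the pattern a defender should flag (not from any real project).
RISKY_WORKFLOW = """\
on: [pull_request_target]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: actions/setup-node@v4
        with: {cache: pnpm}
      - run: pnpm install
"""
# Constructed sample: same steps under plain pull_request (no repo secrets, read-only token).
SAFE_WORKFLOW = """\
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: pnpm install --frozen-lockfile
"""
PR_TARGET_RE = re.compile(r"\bpull_request_target\b")
HEAD_REF_RE = re.compile(r"github\.event\.pull_request\.head\.(sha|ref)|refs/pull/[^\n]*/(head|merge)")
INSTALL_RE = re.compile(r"\b(pnpm|npm|yarn|bun)\s+(install|ci|i)\b")
CACHE_RE = re.compile(r"actions/cache@|cache:\s*['\"]?(pnpm|npm|yarn)")

@dataclass
class Finding:
    pr_target: bool         # runs with the base repo's secrets on PR events
    pr_head_checkout: bool  # checks out the contributor's commit
    runs_install: bool      # executes that commit via a package-manager install
    uses_cache: bool        # informational: an Actions cache outlives the run
    def risk(self) -> str:
        if not self.pr_target:
            return "low"
        if self.pr_head_checkout and self.runs_install:
            return "high"
        return "medium" if (self.pr_head_checkout or self.runs_install) else "low"

def audit_workflow(text: str) -> Finding:
    """Heuristic line-based scan; YAML comment lines are dropped before matching."""
    body = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
    return Finding(bool(PR_TARGET_RE.search(body)), bool(HEAD_REF_RE.search(body)),
                   bool(INSTALL_RE.search(body)), bool(CACHE_RE.search(body)))
```

Run `audit_workflow` over each file under `.github/workflows/` and treat any "high" result as a workflow to rework, for example by splitting the untrusted build into a `pull_request` job that holds no secrets.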

On May 19, the latest wave struck the AntV data visualization ecosystem as attackers gained access to a compromised maintainer account in the @atool namespace and published more than 300 malicious package versions across 323 packages in a 22-minute automated burst.
Among the affected packages is echarts-for-react, a React wrapper for Apache ECharts with roughly 1.1 million weekly downloads. The collective weekly download count across all affected packages in this wave is estimated at around 16 million.
The most concerning technical aspect is what happens if someone tries to stop the malware. It installs a dead-man's switch that polls GitHub every minute to check whether a specific access token has been revoked. The token is labelled with a warning: "If you cancel this token, it will erase the owner's computer." If a developer does revoke the token, the infected machine's files are immediately deleted.
Beyond that token, the malware harvests credentials for platforms such as GitHub, AWS, Azure, and Google Cloud, as well as tools like Kubernetes and HashiCorp Vault, covering over 90 different developer configurations. Once it has access, it spreads through the connected cloud environment.
One Attack, Multiple Casualties
On May 19th, attackers published three malicious versions of Microsoft's durabletask Python SDK to the Python Package Index (PyPI). These packages silently downloaded and installed a small (28 KB) credential-stealing program. Once running, it could spread across cloud environments such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).
On May 20th, GitHub announced changes to how packages are published on npm. These include bulk onboarding of an organization's packages to OIDC-based trusted publishing, support for OIDC providers beyond GitHub Actions and GitLab, and a new staged-publishing process in which maintainers review and approve a release with multi-factor authentication before it becomes publicly available.

The company will soon deprecate legacy npm tokens and move users to FIDO-based two-factor authentication, and token-based publishing will be disabled by default. Previously, in September 2025, GitHub removed over 500 compromised packages from the npm registry as part of this effort.
Blockchain security firm SlowMist had raised an early warning on May 14 after flagging three malicious versions of node-ipc, a package with 822,000 weekly downloads, as part of the same campaign.
If you use any of the affected packages, audit your project's dependencies right away. Before doing anything else, rotate all secrets and access tokens. Then, look for signs of compromise using the indicators shared by Snyk, Wiz, Socket.dev, and Step Security.
2026-05-20 10:33