# Shai-Hulud 2.0: How Cortex Helps Protect Against the Resurgent npm Worm

By [Cameron Hyde](https://www.paloaltonetworks.com/blog/author/cameron-hyde/?ts=markdown) and [Yitzy Tannenbaum](https://www.paloaltonetworks.com/blog/author/yitzy-tannenbaum/?ts=markdown), Nov 26, 2025. 6 minutes.

Categories: AppSec, Cloud Detection and Response, Cloud Runtime Security, Cloud Security, Supply Chain Security, XDR

Unit 42 recently reported on a [resurgent and highly sophisticated npm supply chain attack](https://unit42.paloaltonetworks.com/npm-supply-chain-attack/), now referred to as Shai-Hulud 2.0, affecting tens of thousands of GitHub repositories and compromising trusted open-source packages. The campaign uses malicious package updates to steal credentials, establish persistent backdoors and self-propagate across developer environments and CI/CD systems.

Today's blog post looks at how [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud) and Prisma Cloud can help organizations detect, block and contain the behaviors used in this campaign, as well as what steps organizations should take to stay secure, even if they rely on other security tools.

## Anatomy of a Software Supply Chain Attack

The current 2.0 campaign, aka "Shai-Hulud: The Second Coming", affects tens of thousands of GitHub repositories, including over 25,000 malicious repos spread across roughly 350 unique users. But to understand the severity of Shai-Hulud 2.0, it helps to look at the mechanics of a supply chain attack. The threat actor doesn't target the final product (an individual's application) directly. Instead, they target a trusted component within the product's supply chain.

***Related Article:*** [*Breakdown: Widespread npm Supply Chain Attack Puts Billions of Weekly Downloads at Risk*](https://www.paloaltonetworks.com/blog/cloud-security/npm-supply-chain-attack/)

Imagine a thief trying to break into a safe. Instead of attacking the steel door, they tamper with the factory that manufactures the safe and slip in a faulty lock.
The manufacturer unknowingly installs the compromised lock on every safe that rolls off the line. When customers buy those safes from a trusted brand, the thief can break in with ease because they know the built-in weakness.

* **The Component Supplier**: The package maintainer and the npm registry act as the trusted suppliers.
* **The Component Part**: The npm packages are the individual parts (the "locks").
* **The Manufacturer**: Developers are the manufacturers, assembling applications using those trusted components.
* **The Final Product**: The software, services and systems developers deliver.

By poisoning the open-source packages, the malicious code is automatically distributed downstream to every developer, build server and application that installs or updates those packages.

## The Attack: What Is Shai-Hulud 2.0?

The Shai-Hulud malware behaves like a worm because once it compromises an npm package, it can spread to others. It steals credentials, republishes trojanized packages and moves through the ecosystem on its own, but not before leaving a persistent backdoor that attackers can use later for direct command execution on a developer workstation.

The recent 2.0 variant introduces new tactics such as earlier preinstall execution, a redesigned payload structure and, in some cases, Docker privilege escalation. It infects `package.json` with malicious preinstall scripts, and when a developer or CI/CD runner installs a compromised package, the script kicks off a sequence of actions designed to steal secrets and extend the infection. The diagram in figure 1 reflects the major differences between Shai-Hulud 1.0 and 2.0.

![Shai-Hulud Attack Flow](https://www.paloaltonetworks.com/blog/wp-content/uploads/2025/11/word-image-349234-1.png)

Figure 1: Shai-Hulud Attack Flow

As mentioned, the 2.0 version attempts to set up a persistent backdoor through GitHub Discussions. With this, attackers can potentially execute commands on the developer workstation simply by opening a discussion in a repository that contains a malicious workflow. The backdoor will survive reboots and credential rotation.

### Key Attack Stages

1. **The Initial Spark**: Though the worm now spreads automatically, the threat actor initially used stolen credentials to manually publish the infected version of `@asyncapi/specs`.
2. **Dropper Execution**: The script deploys `setup_bun.js`, which installs the Bun runtime if it is missing.
3. **Persistence & Payload**: A heavily obfuscated payload, `bun_environment.js`, is launched as a detached background process.
4. **Credential Harvesting**: The malware scans for credentials in standard locations (`~/.aws/`, `~/.azure/`, `~/.npmrc`) and scrapes environment variables. It has also been observed using **TruffleHog** to aggressively scan for secrets.
5. **Exfiltration**: Stolen secrets are dumped into new GitHub repositories created with stolen tokens, often sporting descriptions like "Sha1-Hulud: The Second Coming".
6. **Propagation**: Leveraging stolen npm tokens, the malware publishes new, infected versions of the victim's packages, perpetuating the cycle.

## Global Mirroring of npm Adds Security Challenges

Global mirroring of npm across public mirrors, company proxies and private enterprise registries improves speed, reliability and regional access. It also amplifies supply chain risk, however: mirrors replicate packages automatically and often retain cached versions even after the upstream copy has been removed. To mitigate this heightened risk, organizations can enforce strict version pinning and use dependency allowlists to ensure only verified package versions are installed, reducing exposure to malicious cached packages.
## Secure Your Software Supply Chain with Cortex Cloud

Cortex Cloud offers extensive ASPM and supply chain security capabilities to help identify the vulnerabilities and misconfigurations that Shai-Hulud exploits.

*Prisma Cloud customers who haven't yet migrated to Cortex Cloud should take the same precautions.*

### 1. Identifying Vulnerable Packages (SCA & SBOM)

Since CVEs for these malicious packages may lag behind the attack, organizations must rely on real-time visibility into their software bill of materials (SBOM).

* **SBOM Querying:** Cortex Cloud allows you to query your organization's SBOM against the list of known malicious packages to immediately identify impact.
* **Operational Risk model:** For packages without published CVEs, our proprietary Operational Risk model provides additional protection. It evaluates open-source packages based on factors such as maintainer activity, deprecation status and community adoption, allowing us to identify risky components even in the absence of known vulnerabilities.

### 2. Hardening CI/CD Policies: Out-of-the-Box Rules

Shai-Hulud thrives in insecure environments. Palo Alto Networks customers can leverage the following Cortex Cloud out-of-the-box (OOTB) CI/CD rules to prevent similar attacks. These rules map to industry standards like the [OWASP Top 10 CI/CD Risks](https://owasp.org/www-project-top-10-ci-cd-security-risks/) and the [CIS Software Supply Chain Security Guide](https://www.cisecurity.org/insights/white-papers/cis-software-supply-chain-security-guide).

* **Repository missing npm lock file:** Detects repositories missing `package-lock.json`. If a lock file is not used when running `npm ci` during the build, packages are installed without integrity checks, allowing tampered versions to slip in.
* **Packages insecurely installed through the `npm install` command:** In common configurations, `npm install` updates and installs versions without checking package integrity.
This allows attackers who control a dependency to upload a malicious version that's automatically downloaded.
* **npm package downloaded from git without commit hash reference:** Without a specific commit hash, the integrity of a package downloaded from a git URL can't be guaranteed, which potentially allows a build server to download a malicious version.
* **npm project contains unused dependencies:** Unused dependencies widen the attack surface without justification. If an unused dependency is compromised by Shai-Hulud, it exposes the project to risk even if the code isn't actively used.

For more information on the affected packages and continuous updates, refer to the [Unit 42 Threat Brief](https://unit42.paloaltonetworks.com/npm-supply-chain-attack/).