Security researchers have uncovered a malicious npm supply-chain campaign affecting several Red Hat Cloud Services packages. The attack, described as a “mini Shai-Hulud” campaign, is designed to steal developer credentials and CI/CD secrets during package installation.
The compromised package versions contain an obfuscated preinstall script that automatically runs during npm install, before developers even use the package. According to analyses from multiple security firms, including Socket, Aikido Security, JFrog, Microsoft, OX Security, SafeDep, StepSecurity, and Wiz, the malware targets GitHub Actions secrets, npm tokens, cloud credentials, Kubernetes and Vault data, SSH keys, and Git credentials.
The malware uses encrypted data exfiltration and a GitHub-based fallback mechanism, suggesting the attackers intended not only to steal credentials but also to spread further through software supply chains. Researchers also found that the malware avoids running on Russian-language systems, a behavior previously seen in GlassWorm supply-chain attacks. Last month, the command-and-control (C&C) infrastructure behind the Glassworm botnet was dismantled in a coordinated effort.
The new variant comes with collectors for Google Cloud Platform (GCP) and Microsoft Azure identities. Unlike earlier versions that focused mainly on secrets, the new malware appears to be more focused on gaining direct access to cloud environments.
The campaign also includes GitHub automation capabilities. If a stolen GitHub token has sufficient permissions, the malware can identify writable repositories and inject malicious GitHub Actions workflows through GraphQL API operations, helping it spread to additional projects.
Researchers found that each infection generates a uniquely encrypted payload, making detection and tracking more difficult. Evidence suggests the attack may have started with the compromise of a Red Hat employee's GitHub account. The attacker reportedly pushed malicious orphan commits to two RedHatInsights repositories, bypassing normal code review processes.
Organizations that installed the affected package versions are advised to isolate impacted systems, remove the malicious packages, rotate potentially exposed credentials, review GitHub and npm activity for suspicious behavior, and check for persistence mechanisms, including modifications to configuration files and GitHub workflow definitions.