    Leaked Shai-Hulud malware fuels new npm infostealer campaign

    By admin, May 19, 2026

    The Shai-Hulud malware leaked last week is now used in new attacks on the Node Package Manager (npm) index, as infected packages emerged over the weekend.

    A threat actor using the account deadcode09284814 published four malicious packages on npm and embedded one of them with a non-obfuscated version of Shai-Hulud that targeted developer credentials, secrets, cryptocurrency wallet data, and account information.

    All rogue packages included routines that exfiltrated information, such as credentials and configuration files, but one also turned the system into a bot for distributed denial-of-service (DDoS) activity.

    Researchers at OXsecurity, a company that secures applications from code to runtime, discovered the malicious uploads over the weekend and noticed that the threat actor used misspelled names (typosquatting) targeting Axios users, and some generic ones:

    1. chalk-tempalte – Shai-Hulud clone (information stealer)
    2. @deadcode09284814/axios-util – Credential and cloud config stealer
    3. axois-utils – Infostealer + persistent DDoS botnet (“phantom bot”)
    4. color-style-utils – Basic infostealer targeting crypto wallets and IP info

    According to the researchers, the chalk-tempalte package contains a clone of the Shai-Hulud malware attributed to the TeamPCP hacker group, which is responsible for the recent Mini Shai-Hulud software supply-chain attack.

    The malware emerged on GitHub last week, with a message allegedly from TeamPCP saying “Here We Go Again – Let the Carnage Continue. A Gift from TeamPCP.”

    The chalk-tempalte package appears to be the first documented case of a Shai-Hulud clone deployed on npm, though Ox notes that it’s not a sophisticated example, but rather an unmodified copy of the leaked source code without any protection.

    “One piece of incriminating evidence that this is a different actor from TeamPCP is that the Shai-Hulud malware code is an almost exact copy of the leaked source code, with no obfuscation techniques, which make the final version visually different from the original,” OXsecurity explains.

    The malware steals credentials, secrets, crypto wallet data, and account information and exfiltrates it to a command-and-control (C2) server at 87e0bbc636999b[.]lhr[.]life.

    The code retains the GitHub publishing functionality, so it uploads stolen credentials to public, auto-generated repositories.

    Of the other three packages, ‘axois-utils’ stands out for including DDoS capability, in addition to the information-stealing functionality present across all four packages.

    The package supports HTTP, TCP, and UDP floods, as well as TCP reset attacks, while the researchers have also found internal references to a “phantom bot.”

    [Figure: DDoS attack code. Source: OXsecurity]

    The Shai-Hulud campaign has gone through multiple iterations since September 2025, stealing developers’ data by injecting malware into legitimate projects. After stealing credentials for accounts with publishing rights, the attackers exposed the exfiltrated information in public GitHub repositories. The campaigns were attributed to the TeamPCP hacker group.

    In a previous report, OXsecurity said that threat actors quickly copied the leaked malware source code and began modifying it to extend its capabilities.

    The researchers recommend that developers who downloaded infected npm packages remove them immediately and rotate their credentials and API keys on affected systems.

    OXsecurity notes that the four packages had a combined download count of 2,678.
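    A quick way to act on the package list above and on the removal advice is to scan a project's lockfile for the four names the report identifies, and for close misspellings of the legitimate names they imitate. The following is an added example, not code from the article or from OXsecurity; the lockfile layout it parses is the standard package-lock.json "packages" map (lockfileVersion 2 and 3), and the sample lockfile fragment is constructed.

```javascript
// Added example, not code from the article or OXsecurity: scan an npm
// package-lock.json (lockfileVersion 2/3 "packages" map) for the four packages
// named in the report and for close typosquats of the names they imitate.
const KNOWN_BAD = new Set(["chalk-tempalte", "@deadcode09284814/axios-util",
  "axois-utils", "color-style-utils"]);
// Names the campaign imitated; an unknown name within edit distance 2 is flagged.
const IMITATED = ["axios", "chalk-template"];
// Plain Levenshtein distance (a transposition such as "axois" counts as 2).
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
    }
  }
  return d[a.length][b.length];
}
// Lockfile keys look like "node_modules/axios", "node_modules/@scope/name" or,
// for nested installs, "node_modules/a/node_modules/b"; "" is the root project.
function lockfilePackageNames(lock) {
  const names = new Set();
  for (const key of Object.keys(lock.packages || {})) {
    const idx = key.lastIndexOf("node_modules/");
    if (idx !== -1) names.add(key.slice(idx + "node_modules/".length));
  }
  return [...names];
}
function findSuspiciousPackages(lock) {
  const findings = [];
  for (const name of lockfilePackageNames(lock)) {
    if (KNOWN_BAD.has(name)) {
      findings.push({ name, reason: "known malicious (OXsecurity report)" });
      continue;
    }
    const bare = name.replace(/^@[^/]+\//, ""); // compare without the scope
    for (const legit of IMITATED) {
      if (bare !== legit && editDistance(bare, legit) <= 2) {
        findings.push({ name, reason: `possible typosquat of ${legit}` });
      }
    }
  }
  return findings;
}
// Constructed sample lockfile fragment (not a real project's lockfile).
const SAMPLE_LOCK = { packages: { "": {}, "node_modules/axios": {},
  "node_modules/axois-utils": {}, "node_modules/axois": {} } };
console.log(findSuspiciousPackages(SAMPLE_LOCK)); // two findings
```

    To run it against a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findSuspiciousPackages`; a typosquat hit is a prompt for manual review, not proof of compromise.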
