Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
What’s new: A software supply chain attack has compromised multiple npm packages associated with the @antv ecosystem, leveraging a compromised maintainer account. The attack has resulted in the publication of 639 malicious versions across 323 unique packages, including popular libraries like echarts-for-react and various @antv packages. The malware is designed to steal credentials from over 20 services, including AWS, Google Cloud, and GitHub, and can propagate itself through npm tokens.
Who’s affected
Organizations using affected npm packages, particularly those in data visualization and React component ecosystems, are at risk. The compromised packages are widely used, with some having millions of weekly downloads, increasing the potential impact on users who automatically update dependencies.
What to do
- Rotate credentials for any accounts that may have been exposed.
- Enable two-factor authentication (2FA) on affected accounts.
- Audit GitHub repositories for Shai-Hulud-related strings.
- Switch to safe versions of the affected packages.
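To support the last step, here is an added example (not code from the advisory or from the AntV project) that audits an npm `package-lock.json` for installed packages in the affected `@antv/*` scope and `echarts-for-react`, including nested installs. The advisory does not list the malicious version numbers, so `KNOWN_BAD` holds a labelled placeholder and the sample lockfile is constructed.

```python
import json
from typing import Dict, List, Set, Tuple

# Constructed sample package-lock.json (lockfileVersion 3 layout); not taken from the advisory.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "dependencies": {"echarts-for-react": "^3.0.0"}},
        "node_modules/echarts-for-react": {"version": "3.0.2"},
        "node_modules/@antv/g2": {"version": "5.2.1"},
        "node_modules/react": {"version": "18.3.1"},
        "node_modules/@antv/g2/node_modules/@antv/util": {"version": "3.3.7"},
    },
})

# Scopes and packages the advisory names as affected.
WATCH_SCOPES = ("@antv/",)
WATCH_NAMES = {"echarts-for-react"}

# PLACEHOLDER: the advisory does not list the malicious version numbers. Fill this
# from the upstream advisory; until then every hit is reported as "review".
KNOWN_BAD: Dict[str, Set[str]] = {"echarts-for-react": {"0.0.0-placeholder"}}


def package_name(path: str) -> str:
    """node_modules/@antv/g2/node_modules/@antv/util -> @antv/util (nested installs)."""
    return path.rsplit("node_modules/", 1)[-1]


def is_watched(name: str) -> bool:
    return name in WATCH_NAMES or any(name.startswith(s) for s in WATCH_SCOPES)


def audit_lockfile(lock_text: str) -> List[Tuple[str, str, str]]:
    """Return sorted (name, version, verdict) for each watched package in the lockfile."""
    findings = []
    for path, entry in json.loads(lock_text).get("packages", {}).items():
        if not path:  # "" is the root project itself, not a dependency
            continue
        name = package_name(path)
        if is_watched(name):
            version = entry.get("version", "unknown")
            verdict = "malicious" if version in KNOWN_BAD.get(name, set()) else "review"
            findings.append((name, version, verdict))
    return sorted(findings)


if __name__ == "__main__":
    for name, version, verdict in audit_lockfile(SAMPLE_LOCK):
        print(f"{verdict:9} {name}@{version}")
```

Run it against a real lockfile by replacing `SAMPLE_LOCK` with the file's contents; every "review" hit should be compared against the published safe versions before the dependency is pinned or upgraded.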