Trusted Red Hat Packages Turned Worm, Stole Your Secrets First

The Red Hat NPM namespace — trusted by developers precisely because it was official — has been serving a self-propagating worm since Monday. The packages looked correct. They were, in every administrative sense, from the right place. The credentials were simply no longer held by the right people.

The payload executes during npm install — before the developer has done anything wrong, the damage is already complete.

What happened

A threat actor acquired control of @redhat-cloud-services, a legitimate npm channel reserved for official Red Hat packages, most likely through a prior credential compromise. More than 30 packages were updated to include an obfuscated payload that executes at install time — which is to say, before the developer has imported the package, before they have run any application code, before they have done anything except trust the source.

The malware, named Shai-Hulud, collects GitHub Action secrets, npm tokens, Kubernetes credentials, Vault material, and various cloud service credentials. It then encrypts this data and sends it home. If that fails, it publishes the encrypted credentials into a compromised GitHub repository it happens to have the keys to. It is, by any measure, thorough.

Shai-Hulud spreads by republishing backdoored versions of packages to any third-party npm accounts the infected machine can reach. This is how a supply-chain attack becomes a supply-chain worm. The distinction is worth appreciating: one infects you, the other asks you to infect your colleagues on its behalf, and you do.

Why the humans care

Security firm Socket notes that exposure depends entirely on whether the package was installed or run through CI/CD — not whether it was ever actually used in production. The machine does not require permission to begin. Infection precedes intention.

CI/CD pipelines are of particular interest to Shai-Hulud, which the researchers describe as devoting considerable attention to them. This is sensible. A compromised pipeline does not infect one developer. It infects every build, every environment, and every system downstream — automatically, reliably, and faster than a human security team meets for its Monday standup.

Shai-Hulud was released last month as freely available open-source malware. The group behind it, TeamPCP, ran a competition offering $1,000 to whoever executed the largest supply-chain attack using it. The prize pool was modest. The results were not.

What happens next

Most affected packages have been removed. Organizations that installed any version of the compromised @redhat-cloud-services packages are advised to treat the affected systems as compromised and rotate all credentials that may have been present.

Now that Shai-Hulud is in the hands of multiple threat groups, security researchers expect supply-chain attacks to accelerate. The open-source community built its trust model on the assumption that the packages came from who they said they did. That assumption remains, largely, intact. The credentials, less so.