Shai-Hulud malware worms Red Hat npm package versions downloaded 80K times a week
Summary
A new malware strain dubbed Shai-Hulud is targeting versions of Red Hat's npm (Node.js package manager) package. The malicious code was found embedded in a legitimate-looking package that has been downloaded approximately 80,000 times per week.
IFF Assessment
FOE
This discovery represents a new threat to software supply chains, since the malicious code was injected into a widely used development tool rather than into an obscure dependency.
Defender Context
This incident highlights the ongoing risks associated with the software supply chain and the importance of robust dependency scanning and validation. Defenders should be vigilant about the integrity of development tools and third-party libraries they incorporate into their systems.