Shai-Hulud Malware Hits npm and PyPI, Exploits Software Supply Chain Trust
A malware campaign known as “Shai-Hulud” has been linked to approximately 300 npm and PyPI packages, collectively downloaded over 518 million times per month. Named after the sandworms in “Dune,” the malware exploits GitHub Actions and software publishing workflows to spread through developers' automated build and deployment pipelines. Researchers say the attacks poison shared build caches, so the malicious code appears legitimate because it carries valid signatures and comes from trusted sources. Recent incidents involve OpenAI, Microsoft, and Mistral AI; OpenAI confirmed two employee devices were infected, and Mistral reported a compromised developer device. The malware steals cloud credentials, crypto wallet keys, SSH keys, and environment variables, with some variants also creating DDoS botnets. Experts warn this exposes a fundamental vulnerability: modern software relies on running others' code, which makes supply-chain attacks difficult to patch away. The campaign follows a May 11 attack on TanStack and earlier activity by cybercriminal group TeamPCP, though newer variants may be from different actors. GitHub is investigating a related breach in which ~4,000 private repos were stolen.
Key facts
- Shai-Hulud malware linked to ~300 npm and PyPI packages with 518M+ monthly downloads.
- OpenAI, Microsoft, and Mistral AI disclosed infections; OpenAI had two employee devices compromised.
- Exploits GitHub Actions and supply-chain pipelines by poisoning build caches.
- Steals cloud credentials, crypto wallet keys, SSH keys, and environment variables; some variants create DDoS botnets.