Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account

2026-05-19

1 min read

by info@thehackernews.com (The Hacker News)

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

A supply chain attack campaign named Mini Shai-Hulud has compromised npm packages in the @antv ecosystem through a hijacked maintainer account, distributing malicious code to hundreds of thousands of developers.

•639 malicious versions were published across 323 unique packages, including the widely-used echarts-for-react with 1.1 million weekly downloads
•The malware harvests 20+ credential types including AWS, Azure, Google Cloud, GitHub, npm, SSH, Kubernetes, and database connection strings
•Uses automated rapid deployment with preinstall hooks and injects malicious dependencies via legitimate repositories
•Leverages Sigstore OIDC token abuse to forge SLSA provenance attestations, making malicious packages appear legitimate
•

Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface

Cloud CISO Perspectives: How to build an AI-ready security program for the public sector

Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit

New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks