Updated · The Hacker News · May 12
TeamPCP Hits 170 Packages With Mini Shai-Hulud, Stealing Credentials via Trusted GitHub Publishing

10 articles · Updated · The Hacker News · May 12
  • More than 170 npm and PyPI packages tied to TanStack, Mistral AI, UiPath, OpenSearch and Guardrails AI were found carrying Mini Shai-Hulud malware, with 518 million cumulative downloads and at least 400 attacker-created repositories.
  • TanStack said 42 packages and 84 versions in its ecosystem were compromised through a chained GitHub Actions attack that abused pull_request_target, cache poisoning and stolen OIDC tokens to publish malicious packages with valid SLSA Level 3 attestations.
  • The malware profiles developer environments, steals credentials from cloud, crypto, AI, messaging and CI tools, persists in Claude Code and VS Code, and injects GitHub Actions workflows to exfiltrate repository secrets.
  • A new dead-man's switch polls every 60 seconds for revocation of an attacker-created npm token and can trigger rm -rf ~/ on the victim machine; Microsoft also found a geofenced destructive branch in the malicious mistralai package.
  • Researchers said the campaign marks a shift from one-off package tampering to identity-driven propagation through trusted CI/CD infrastructure, making malicious releases appear legitimate and harder for defenders to spot.
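
A defender-side check for the workflow chain named in the TanStack item above, as an added example that is not from the article or from any affected project: it flags workflow files where pull_request_target coincides with a checkout of the pull request's head, a shared cache, or an OIDC token grant. The untrusted-checkout condition, the patterns, the function names and the sample workflow are assumptions constructed for illustration; the article does not reproduce the affected workflow.

```python
import re

# Finding id -> pattern. Each matters only when the workflow also runs on
# pull_request_target, which runs in the base repository's context even for
# pull requests that come from forks.
CHECKS = {
    "untrusted-checkout": r"github\.(event\.pull_request\.head\.(sha|ref)|head_ref)|refs/pull/",
    "shared-cache": r"uses:\s*actions/cache(/save)?@",
    "oidc-token": r"id-token:\s*write",
}

# Constructed sample workflow (not any affected project's real file).
SAMPLE = """\
on:
  pull_request_target:
permissions:
  id-token: write
jobs:
  bench:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: actions/cache@v4
        with: {path: node_modules, key: deps}
      - run: npm ci && npm run bench
"""

def audit_workflow(text):
    """Return [(line_no, finding_id)] for one workflow file's text."""
    # Drop YAML comments so a commented-out trigger is not counted.
    lines = [re.sub(r"(^|[ \t])#.*$", "", l) for l in text.splitlines()]
    if not any(re.search(r"\bpull_request_target\b", l) for l in lines):
        return []  # this audit covers only the pull_request_target chain
    return [(no, fid) for no, line in enumerate(lines, 1)
            for fid, pat in CHECKS.items() if re.search(pat, line)]

def verdict(hits):
    """'chain' when fork code is checked out next to a cache or OIDC identity."""
    ids = {fid for _, fid in hits}
    if "untrusted-checkout" in ids and ids & {"shared-cache", "oidc-token"}:
        return "chain"
    return "review" if ids else "ok"

if __name__ == "__main__":
    hits = audit_workflow(SAMPLE)
    for no, fid in hits:
        print(f"line {no}: {fid}")
    print("verdict:", verdict(hits))
```

The matching is line-based and heuristic, so a "chain" or "review" verdict is a prompt to read the workflow, and an "ok" verdict does not cover other privileged triggers.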

The Mini Shai-Hulud Supply Chain Worm: TeamPCP’s Unprecedented Attack on 100+ Development Packages and CI/CD Pipelines

Overview

On May 11, 2026, the Mini Shai-Hulud Campaign marked a turning point in software security when the threat actor TeamPCP launched a sophisticated supply chain attack. TeamPCP infiltrated critical software distribution channels and injected malicious code into widely used development packages, compromising several high-profile packages across various platforms. Notably, they published malicious versions of official Mistral AI packages across all distribution channels and heavily impacted the UiPath npm platform by releasing 65 malicious versions. The campaign highlights the growing risks in the software supply chain and the urgent need for stronger security measures.

...