Researchers from OX Security discovered four malicious npm packages published by the same user but containing fundamentally different malicious payloads — from a clone of the Shai-Hulud worm to a Go-based DDoS botnet and classic infostealers. In total, the packages were downloaded more than 3,000 times. Developers using npm are advised to immediately check their dependencies for the presence of these libraries, remove them if found, and rotate all secrets that may have been compromised.
Malicious packages and their functionality
All four packages were published under the npm user deadcode09284814. Notably, despite having a common author, each package delivers a unique malicious payload:
- chalk-tempalte (825 downloads) — contains an almost unchanged clone of the Shai-Hulud worm, whose source code was released by the TeamPCP group. According to the researchers, the attacker merely substituted their own C2 server and private key.
- axois-utils (963 downloads) — delivers the Phantom Bot DDoS botnet written in Go, capable of flooding over HTTP, TCP, and UDP protocols. The botnet achieves persistence on the system via the Windows startup folder and Task Scheduler.
- @deadcode09284814/axios-util (284 downloads) — an infostealer that exfiltrates SSH keys, environment variables, cloud credentials, system information, IP address, and cryptocurrency wallet data.
- color-style-utils (934 downloads) — a similar infostealer targeting the same data set but exfiltrating it to a different C2 server.
The package names leverage a typosquatting technique: chalk-tempalte imitates the popular chalk-template, and axois-utils mimics the axios library. This is a classic supply chain attack technique that relies on developer typos when installing dependencies.
Data exfiltration mechanism
The chalk-tempalte package with the Shai-Hulud clone sends stolen credentials to a C2 server and also uses a stolen GitHub token to create a public repository via the GitHub API. The created repository receives the description “A Mini Sha1-Hulud has Appeared” — this string can serve as a compromise indicator when searching for leaks.
According to OX Security, the attacker took the open-source Shai-Hulud code and “uploaded a working version with their own C2 server almost without any changes.” This demonstrates the extremely low barrier to entry for carrying out supply chain attacks when ready-made tooling is available.
Indicators of compromise
- C2 domains: 87e0bbc636999b.lhr[.]life, edcf8b03c84634.lhr[.]life
- C2 IP address: 80.200.28[.]28:2222
- Marker in GitHub: repository description “A Mini Sha1-Hulud has Appeared”
Threat context
The emergence of these packages is linked to the publication of the Shai-Hulud worm’s source code by the TeamPCP group. According to the researchers, the clone in the chalk-tempalte package may have been inspired by a supply chain attack contest announced on the BreachForums forum shortly after the code leak. However, this connection is based on assumptions from a single source and has not been independently confirmed.
The key feature of this incident is its multivector nature. A single attacker simultaneously deployed four packages with different types of malware: a self-replicating worm, a DDoS botnet, and two variants of an infostealer. This may indicate both experimentation with various approaches and an attempt to maximize reach with minimal effort.
Impact assessment
The primary risk group is developers and DevOps engineers working within the npm ecosystem, especially those who install dependencies without strict verification of package names. Given that the infostealers target SSH keys, cloud credentials, and environment variables, the compromise of a single developer workstation can lead to cascading access to an organization’s cloud infrastructure, CI/CD pipelines, and private repositories.
A separate risk lies in the use of stolen GitHub tokens to create public repositories — this is a potential channel for leaking proprietary code and secrets.
Response recommendations
- Check dependencies of all projects for the presence of the chalk-tempalte, axois-utils, @deadcode09284814/axios-util, and color-style-utils packages, and immediately remove them if found.
- Rotate secrets: SSH keys, GitHub tokens, cloud credentials (AWS, GCP, Azure), API keys, environment variables — anything that may have been accessible on a compromised machine.
- Review GitHub accounts for unknown repositories, especially those with the description “A Mini Sha1-Hulud has Appeared”.
- Remove malicious configurations from IDEs and tools like Claude Code that may have been modified by the malicious code.
- Block at the network level any connections to the domains 87e0bbc636999b.lhr.life, edcf8b03c84634.lhr.life and the IP address 80.200.28.28.
- Check Task Scheduler (Windows) and the startup folder for suspicious entries related to Phantom Bot.
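The dependency and network checks above can be scripted. The following Node.js snippet is an added example written for this article, not code from OX Security or from the report; it takes the package names, C2 domains, C2 IP and GitHub repository marker exactly as listed above, and assumes the standard package-lock.json layouts (v1 nested "dependencies", v2/v3 "packages" keyed by node_modules path) plus a generic text proxy/flow log. The lockfile and log lines embedded below are constructed samples, not real captures.

```javascript
// Added example: sweep a package-lock.json and a proxy/flow log for the
// indicators published in the OX Security report. Sample data is constructed.

// Package names from the report.
const MALICIOUS_PACKAGES = new Set([
  'chalk-tempalte',
  'axois-utils',
  '@deadcode09284814/axios-util',
  'color-style-utils',
]);

// Network and GitHub indicators from the report (defanging brackets removed).
const C2_DOMAINS = ['87e0bbc636999b.lhr.life', 'edcf8b03c84634.lhr.life'];
const C2_IP = '80.200.28.28';
const REPO_MARKER = 'A Mini Sha1-Hulud has Appeared';

function escapeRe(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Boundaries keep "180.200.28.28" or "x87e0...life" from false-matching,
// while still catching subdomains of the C2 hosts.
const IOC_MATCHERS = [
  ...C2_DOMAINS.map((d) => ({
    indicator: d,
    re: new RegExp(`(?<![A-Za-z0-9-])${escapeRe(d)}(?![A-Za-z0-9-])`, 'i'),
  })),
  { indicator: C2_IP, re: new RegExp(`(?<![0-9.])${escapeRe(C2_IP)}(?![0-9])`) },
  { indicator: REPO_MARKER, re: new RegExp(escapeRe(REPO_MARKER)) },
];

// Return the sorted list of listed packages present anywhere in the lockfile,
// including nested (transitive) installs.
function findMaliciousPackages(lockfile) {
  const hits = new Set();
  // v2/v3: keys like "node_modules/foo" or "node_modules/a/node_modules/@s/b"
  for (const key of Object.keys(lockfile.packages || {})) {
    const name = key.split('node_modules/').pop();
    if (MALICIOUS_PACKAGES.has(name)) hits.add(name);
  }
  // v1: recursive "dependencies" objects keyed by package name
  const walk = (deps) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      if (MALICIOUS_PACKAGES.has(name)) hits.add(name);
      walk(entry.dependencies);
    }
  };
  walk(lockfile.dependencies);
  return [...hits].sort();
}

// Return [{ line, indicator }] for every log line that references an IoC.
function findIocHits(lines) {
  const hits = [];
  for (const line of lines) {
    const m = IOC_MATCHERS.find((x) => x.re.test(line));
    if (m) hits.push({ line, indicator: m.indicator });
  }
  return hits;
}

// Constructed lockfile (v3): one typosquat as a direct dependency and the
// scoped stealer pulled in transitively. Version numbers are made up.
const sampleLockfile = {
  name: 'demo-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', dependencies: { 'chalk-template': '^1.1.0', 'axois-utils': '^1.0.0' } },
    'node_modules/chalk-template': { version: '1.1.0' },
    'node_modules/axois-utils': { version: '1.0.0' },
    'node_modules/axois-utils/node_modules/@deadcode09284814/axios-util': { version: '0.0.1' },
  },
};

// Constructed proxy/flow log lines; the 180.200.28.28 line is a deliberate
// near-miss that must not be flagged.
const sampleLogLines = [
  '2026-01-10T10:00:01Z CONNECT registry.npmjs.org:443 200',
  '2026-01-10T10:00:07Z CONNECT 87e0bbc636999b.lhr.life:443 200',
  '2026-01-10T10:00:09Z TCP 10.0.0.5 -> 80.200.28.28:2222 SYN',
  '2026-01-10T10:01:00Z TCP 10.0.0.5 -> 180.200.28.28:443 SYN',
  '2026-01-10T10:02:00Z api.github.com POST /user/repos description="A Mini Sha1-Hulud has Appeared"',
];

console.log('lockfile hits:', findMaliciousPackages(sampleLockfile));
console.log('log hits:', findIocHits(sampleLogLines));
```

To run this against a real project, replace `sampleLockfile` with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` and feed `findIocHits` the lines of your proxy or DNS log; a non-empty result from either function is the cue to start the secret rotation and repository review steps above.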
This incident clearly demonstrates how releasing malware source code lowers the barrier to conducting supply chain attacks. Developers should implement automatic dependency checks using tools like npm audit, use a lockfile to pin versions, and consider policies that restrict installing packages from unverified authors. Organizations that have found any of the mentioned packages in their infrastructure should treat the incident as a full compromise of the workstation and act accordingly.