Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft
Essential information
- Published: 21/05/2026 00:36
- Modified: 21/05/2026 16:49
- Source / Author: AlienVault
- Confidence: 100/100
- Report type(s): threat-report
- Labels / Tags: ci/cd, credential theft, data exfiltration, github actions, npm, obfuscation, privilege escalation, supply chain attack
- Tags: 2026-05-20, ci/cd, credential-theft, data exfiltration, github actions, npm, obfuscation, privilege-escalation, supply chain attack
- Related entities: 5 indicators, 5 observables, 20 techniques (mitre), 1 others
Description
Microsoft identified an active supply chain attack targeting the @antv npm package ecosystem. A threat actor compromised an @antv maintainer account and published malicious versions of widely used data-visualization packages, affecting libraries like echarts-for-react with over 1 million weekly downloads. The attack propagates through dependency chains into CI/CD pipelines and cloud workloads. A 499 KB obfuscated JavaScript payload executes silently during npm install, specifically designed to steal credentials from GitHub Actions environments. Key capabilities include multi-platform credential theft (GitHub, AWS, HashiCorp Vault, npm, Kubernetes, 1Password), GitHub Action Runner process memory scraping, privilege escalation, dual-channel data exfiltration, and SLSA provenance forgery. The payload targets CI/CD environments deliberately, with over 2,200 compromised repositories observed. GitHub responded by removing 640 malicious packages and invalidating 61,274 npm tokens.
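Because the report states that the payload runs during npm install, a practical defender-side check is to enumerate which installed packages declare install-time lifecycle scripts at all, and to flag any that belong to a scope under investigation. The script below is an added example written for this summary; it is not Microsoft's, GitHub's or the @antv project's tooling. It walks a node_modules tree, reads each package.json, and reports packages with preinstall/install/postinstall/prepare hooks. The package names, versions and script contents in the constructed sample tree are placeholders, not real indicators from this incident.

```python
"""Audit an npm node_modules tree for packages that run scripts at install time.

Added example for this threat-report summary; not vendor or project code.
The sample tree built by build_sample_tree() is constructed for the demo and
does not describe any real @antv package or version.
"""
import json
import os
import tempfile

# Lifecycle hooks that npm runs automatically during installation.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Scope named in the report; extend with other scopes you want highlighted.
WATCHED_SCOPES = ("@antv",)


def find_install_hooks(node_modules: str) -> list[dict]:
    """Return one finding per package that declares an install-time hook."""
    findings = []
    for root, _dirs, files in os.walk(node_modules):
        if "package.json" not in files:
            continue
        path = os.path.join(root, "package.json")
        try:
            with open(path, encoding="utf-8") as fh:
                meta = json.load(fh)
        except (OSError, ValueError):
            # Unreadable or non-JSON manifests are skipped, not treated as clean.
            continue
        scripts = meta.get("scripts") or {}
        hooks = {h: scripts[h] for h in LIFECYCLE_HOOKS if h in scripts}
        if not hooks:
            continue
        name = meta.get("name", os.path.relpath(root, node_modules))
        findings.append({
            "name": name,
            "version": meta.get("version", "?"),
            "hooks": hooks,
            "watched_scope": any(name.startswith(s + "/") for s in WATCHED_SCOPES),
            "path": path,
        })
    return findings


# Constructed sample manifests (placeholder names and versions, not real IoCs).
SAMPLE_TREE = {
    "@antv/example-pkg": {
        "name": "@antv/example-pkg",
        "version": "0.0.0-constructed",
        "scripts": {"postinstall": "node ./scripts/setup.js"},
    },
    "@antv/clean-pkg": {
        "name": "@antv/clean-pkg",
        "version": "0.0.0-constructed",
        "scripts": {"build": "tsc"},
    },
    "some-util": {
        "name": "some-util",
        "version": "1.0.0",
        "scripts": {"test": "jest"},
    },
}


def build_sample_tree(base: str) -> str:
    """Write the constructed manifests under base/node_modules and return that path."""
    nm = os.path.join(base, "node_modules")
    for rel, meta in SAMPLE_TREE.items():
        pkg_dir = os.path.join(nm, *rel.split("/"))
        os.makedirs(pkg_dir, exist_ok=True)
        with open(os.path.join(pkg_dir, "package.json"), "w", encoding="utf-8") as fh:
            json.dump(meta, fh)
    return nm


def run_demo() -> list[dict]:
    """Build the sample tree in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        return find_install_hooks(build_sample_tree(tmp))


if __name__ == "__main__":
    for f in run_demo():
        flag = "WATCHED" if f["watched_scope"] else "       "
        print(f"[{flag}] {f['name']}@{f['version']} hooks={f['hooks']}")
```

Point find_install_hooks() at a real project's node_modules to get the inventory; only the packages with hooks are listed, so the output stays short even on large trees. A common CI hardening that complements this check is installing with `npm ci --ignore-scripts`, which stops lifecycle hooks from running at all, at the cost of packages that legitimately need a native build step.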