Self-replicating Shai-Hulud worm spreads token-stealing malware on npm
Sept. 17, 2025, 11:56 a.m.
Description
A self-replicating worm named Shai-Hulud has been detected on the npm registry. It spreads through compromised developer accounts and injects malicious code into legitimate packages. The worm steals cloud service tokens, primarily targeting npm, GitHub, AWS, and GCP. It also installs TruffleHog to detect additional secrets. The compromised packages include popular ones with millions of weekly downloads. The worm's functionality includes auto-spreading, token theft, and exposing private repositories. Similarities with previous npm compromises have been noted. The impact is significant, affecting numerous developers and organizations across various industries.
Date
- Created: Sept. 16, 2025, 9:37 p.m.
- Published: Sept. 16, 2025, 9:37 p.m.
- Modified: Sept. 17, 2025, 11:56 a.m.
Attack Patterns
- Shai-Hulud