Cybersecurity researchers have uncovered a new variant of the Shai-Hulud worm on the npm registry, exhibiting subtle modifications compared to the previous wave detected last month.
The compromised npm package, “@vietmoney/react-big-calendar”, was originally uploaded in March 2021 by a user named “hoquocdat” and was recently updated to version 0.26.2 on December 28, 2025. Since its initial release, it has been downloaded 698 times, with 197 downloads recorded for the latest update.
Security firm Aikido, which identified the package, noted that there is no evidence of widespread infections following this update.
“This appears to be the attackers testing their payload,” said security researcher Charlie Eriksen. “Code differences indicate obfuscation from the original source, not simple modifications, suggesting access to the worm’s original code rather than a copycat attempt.”
The first Shai-Hulud attacks emerged in September 2025, targeting npm packages to steal sensitive credentials such as API keys, cloud credentials, and npm/GitHub tokens. These stolen tokens were then used to exfiltrate data to GitHub repositories. During the second wave in November 2025, affected repositories contained the description “Sha1-Hulud: The Second Coming”. The worm was designed to replicate itself across 100 other high-download packages belonging to the same developer, creating a widespread supply chain compromise.
Key changes in the new Shai-Hulud variant include:
- Initial file renamed to “bun_installer.js”, with the main payload now “environment_source.js”
- Secrets leaked to GitHub repositories with description “Goldox-T3chs: Only Happy Girl”
- Secret files renamed to: 3nvir0nm3nt.json, cl0vd.json, c9nt3nts.json, pigS3cr3ts.json, actionsSecrets.json
- Removal of the “dead man switch” that triggered a wiper when tokens were missing
- Improved error handling for TruffleHog credential scanner timeouts
- OS-specific publishing and refined data collection order
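The file names and the package/version above are the indicators a defender can act on immediately. The following script, an added example that is not part of the article or of Aikido's tooling, walks a node_modules tree and reports any of those file names and any install of the compromised package version. The sample tree it builds is constructed for the demo and contains only placeholder files, not the worm.

```python
import os
import json
import tempfile
from pathlib import Path

# Indicators taken from the article: file names used by the new Shai-Hulud
# variant and the compromised package/version. The rest of this script is
# an assumed detection layout, not anything the page describes.
SUSPICIOUS_FILENAMES = {
    "bun_installer.js",
    "environment_source.js",
    "3nvir0nm3nt.json",
    "cl0vd.json",
    "c9nt3nts.json",
    "pigS3cr3ts.json",
    "actionsSecrets.json",
}
COMPROMISED_PACKAGES = {"@vietmoney/react-big-calendar": {"0.26.2"}}


def scan_node_modules(root):
    """Walk a node_modules tree and return a sorted list of (kind, detail) findings."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if name in SUSPICIOUS_FILENAMES:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                findings.append(("suspicious_file", rel))
            if name == "package.json":
                try:
                    with open(os.path.join(dirpath, name), encoding="utf-8") as fh:
                        meta = json.load(fh)
                except (OSError, ValueError):
                    continue  # unreadable or malformed manifest: skip, do not crash the scan
                pkg = meta.get("name")
                ver = meta.get("version")
                if pkg in COMPROMISED_PACKAGES and ver in COMPROMISED_PACKAGES[pkg]:
                    findings.append(("compromised_package", f"{pkg}@{ver}"))
    return sorted(findings)


def build_sample_tree():
    """Create a constructed node_modules directory for the demo (placeholder files only)."""
    root = Path(tempfile.mkdtemp()) / "node_modules"
    clean = root / "left-pad"
    clean.mkdir(parents=True)
    (clean / "package.json").write_text(json.dumps({"name": "left-pad", "version": "1.3.0"}))
    (clean / "index.js").write_text("module.exports = function () {};")
    bad = root / "@vietmoney" / "react-big-calendar"
    bad.mkdir(parents=True)
    (bad / "package.json").write_text(
        json.dumps({"name": "@vietmoney/react-big-calendar", "version": "0.26.2"})
    )
    (bad / "bun_installer.js").write_text("// placeholder, empty file for the demo")
    (bad / "environment_source.js").write_text("// placeholder, empty file for the demo")
    return str(root)


if __name__ == "__main__":
    for kind, detail in scan_node_modules(build_sample_tree()):
        print(kind, detail)
```

Run it against a real checkout with `scan_node_modules("/path/to/project/node_modules")`; a file-name match is a strong signal on its own, since none of those names belong to a legitimate package layout, while the package/version match should be paired with the lockfile to find out which direct dependency pulled it in.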
Fake Jackson JSON Maven Package Delivers Cobalt Strike Beacon
Separately, supply chain security experts discovered a malicious Maven package, “org.fasterxml.jackson.core/jackson-databind”, masquerading as the legitimate Jackson JSON library (“com.fasterxml.jackson.core”). This package delivered a multi-stage attack including platform-specific executables and has been removed from Maven Central.
Obfuscated code within the Java Archive (JAR) triggers automatically when a developer adds the dependency to their pom.xml.
“Spring Boot applications automatically register the malware’s ApplicationRunner after context loads, without any explicit calls,” Eriksen explained. The malware checks for “.idea.pid” to avoid duplicate execution, then queries an external server (m.fasterxml[.]org:51211) to download a platform-specific payload. On Windows, it fetches “svchosts.exe”, while macOS systems receive a file labeled “update”.
The typosquatted domain fasterxml[.]org was registered via GoDaddy on December 17, 2025, just days before the malicious Maven package appeared.
According to Aikido, the attack exploited Java’s reverse-domain namespace conventions, using org.fasterxml.jackson.core to mimic the legitimate com.fasterxml.jackson.core library. The company recommends maintaining high-value namespace checks and extra verification for packages with similar-looking prefixes to prevent copycat attacks.
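The namespace check Aikido recommends can be automated at build time. The script below is an added example, not code from the article or from Aikido: it parses a pom.xml, strips the leading reverse-domain segment (com, org, net, io, dev are assumed) from every dependency's groupId, and flags any groupId that matches a trusted namespace except for that segment, which is exactly how org.fasterxml.jackson.core mimics com.fasterxml.jackson.core. The trusted list and the sample pom.xml are constructed for the demo.

```python
import xml.etree.ElementTree as ET

# Namespaces the organisation vouches for. The Jackson entry is the legitimate
# groupId named in the article; the Spring entry is illustrative.
TRUSTED_GROUP_IDS = {
    "com.fasterxml.jackson.core",
    "org.springframework.boot",
}
# Leading reverse-domain segments that a copycat can swap (assumed list).
TLD_SEGMENTS = {"com", "org", "net", "io", "dev"}

MAVEN_NS = {"m": "http://maven.apache.org/POM/4.0.0"}


def _stem(group_id):
    """'org.fasterxml.jackson.core' -> 'fasterxml.jackson.core'; unknown prefixes are kept."""
    head, _, rest = group_id.partition(".")
    return rest if head in TLD_SEGMENTS and rest else group_id


def _text(dep, tag):
    """Read a child element's text whether or not the pom carries the Maven namespace."""
    value = dep.findtext(f"m:{tag}", default="", namespaces=MAVEN_NS) or dep.findtext(tag, default="")
    return value.strip()


def find_lookalike_dependencies(pom_xml):
    """Return [(groupId, artifactId, trusted_groupId)] for dependencies whose groupId
    equals a trusted namespace after the leading TLD segment is removed, but is not
    itself trusted."""
    root = ET.fromstring(pom_xml)
    deps = root.findall(".//m:dependency", MAVEN_NS) or root.findall(".//dependency")
    stems = {_stem(g): g for g in TRUSTED_GROUP_IDS}
    hits = []
    for dep in deps:
        gid = _text(dep, "groupId")
        aid = _text(dep, "artifactId")
        if not gid or gid in TRUSTED_GROUP_IDS:
            continue
        trusted = stems.get(_stem(gid))
        if trusted:
            hits.append((gid, aid, trusted))
    return hits


# Constructed pom.xml: one genuine Jackson dependency, one copycat groupId
# (the pattern from the article), and one unrelated library.
SAMPLE_POM = """<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>example.demo</groupId>
  <artifactId>demo-app</artifactId>
  <version>1.0.0</version>
  <dependencies>
    <dependency>
      <groupId>com.fasterxml.jackson.core</groupId>
      <artifactId>jackson-databind</artifactId>
      <version>2.17.0</version>
    </dependency>
    <dependency>
      <groupId>org.fasterxml.jackson.core</groupId>
      <artifactId>jackson-databind</artifactId>
      <version>2.17.0</version>
    </dependency>
    <dependency>
      <groupId>org.apache.commons</groupId>
      <artifactId>commons-lang3</artifactId>
      <version>3.14.0</version>
    </dependency>
  </dependencies>
</project>
"""

if __name__ == "__main__":
    for gid, aid, trusted in find_lookalike_dependencies(SAMPLE_POM):
        print(f"look-alike groupId {gid} (artifact {aid}) mimics trusted {trusted}")
```

Wire `find_lookalike_dependencies` into CI and fail the build on any hit; because the comparison is on the stem rather than on string similarity, it catches the com/org swap without producing noise on unrelated namespaces, and the trusted list can be extended with whatever first-party and vendor groupIds the organisation relies on.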