Home / Companies / Socket / Blog / Post Details
Content Deep Dive

Mini Shai-Hulud Campaign Hits Red Hat Cloud Services npm Packages

Blog post from Socket

Post Details
Company
Date Published
Author
Socket Research Team
Word Count
4,194
Company Posts That Month
27
Language
English
Hacker News Points
-
Post removed?
No
Summary

Socket has uncovered a malicious npm supply chain attack affecting @redhat-cloud-services packages, employing tactics similar to the Shai-Hulud campaign, which involves install-time execution, credential harvesting, and potential propagation to downstream systems. The attack leverages a preinstall hook to run obfuscated malware upon npm install, targeting sensitive information like GitHub Actions secrets, npm tokens, cloud credentials, and more, with encrypted exfiltration and fallback mechanisms via GitHub. The malicious packages execute a JavaScript loader that decrypts and runs hidden payloads, evading static review. The threat is exacerbated by the public availability of Shai-Hulud attack tooling, complicating attribution. Socket's analysis notes that the malware aims to collect extensive credentials and possibly facilitate further supply chain attacks, prompting ongoing analysis and public tracking of affected packages.

Trends Found in this Post
Trend Post Mentions Total Month Mentions Posts Companies MoM
Secrets Management 23 2,464 377 128 +14%
MCP 9 7,418 806 202 +5%
Kubernetes 7 2,147 317 104 +9%
Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.