Analysis updated 2026-05-18
Study how a real supply-chain attack harvests credentials from CI/CD pipelines.
Research the phases of a documented npm and GitHub Actions credential-stealing malware.
Build detection rules for security tooling based on this malware's known behavior.
| edxeth/shai-hulud-open-source | adrianhajdin/job_pilot | cneuralnetwork/pracdago | |
|---|---|---|---|
| Stars | 20 | 20 | 20 |
| Language | TypeScript | TypeScript | TypeScript |
| Setup difficulty | — | hard | moderate |
| Complexity | 5/5 | 4/5 | 2/5 |
| Audience | researcher | developer | vibe coder |
Figures from each repo's GitHub metadata at analysis time.
This is real attack malware documented for research, running it against systems without authorization is illegal.
This repository contains the published source code of the "Shai-Hulud" supply chain attack malware, which was referenced in a May 2026 SecurityWeek article covering attacks against TanStack, Mistral AI, and UiPath. The README describes it as published for research and educational purposes, but the code is a fully functional attack tool written in TypeScript using Bun. The malware is designed to be injected into CI/CD pipelines (automated software build systems, such as GitHub Actions). Once activated, it operates in five phases. First it checks its environment and either activates immediately or runs silently in the background. Second it harvests credentials in parallel from the filesystem (reading over a hundred known locations including AWS credentials, SSH keys, cryptocurrency wallet files, shell history, and developer tool configs), from environment variables, from GitHub Actions runner process memory, from AWS SSM and Secrets Manager across seventeen regions, from Kubernetes cluster secrets, and from HashiCorp Vault. Third it encrypts the harvested data with AES-256 and exfiltrates it to a command-and-control server, with fallback channels including GitHub repositories. Fourth it propagates by backdooring npm packages, either through GitHub's OIDC token exchange or by injecting malicious code into packages the stolen npm tokens can publish to, and by committing malicious files into GitHub repositories. Fifth it installs a persistence daemon that acts as a dead man's switch: if a stolen token is revoked, it attempts to delete the victim's home directory. The repository is included here solely to document what the malware does. Installing or running it against systems without authorization would be illegal.
The published source code of the Shai-Hulud supply chain malware, documented here for security research rather than for use.
Mainly TypeScript. The stack also includes TypeScript, Bun.
Mainly researcher.
This repo across BitVibe Labs
Verify against the repo before relying on details.