Self-replicating npm and PyPI supply chain worm that harvests developer, cloud, and registry credentials and propagates by publishing trojanized versions of every package the stolen tokens can reach. The payload is wired into the package's npm install lifecycle hook, so a plain `npm install` of an affected version runs it on the developer workstation or CI runner; it then searches the host for secrets (npm and GitHub tokens, cloud provider credentials, environment variables), exfiltrates them, and uses any valid npm publish token to push new versions of the maintainer's other packages carrying the same payload. First seen September 2025 (@ctrl/tinycolor and peers, exposing private repositories and AWS credentials), it resurged as the larger 'Shai-Hulud 2.0' wave in November 2025 across @zapier, @asyncapi, posthog and @postman packages, affecting 25,000+ repositories, and later reached PyPI through PyTorch Lightning. Named after the Dune sandworm; part of the broader TeamPCP activity.
Objective
Steal developer, cloud, registry, or application credentials through malicious package execution.
Related campaigns
Packages
- npm @ctrl/tinycolor (attributed-to)
- npm @zapier/zapier-sdk (attributed-to)
- npm @asyncapi/specs (attributed-to)
- npm @quick-start-soft/quick-markdown-print (attributed-to)
- npm @quick-start-soft/quick-markdown (attributed-to)
- npm @quick-start-soft/quick-remove-image-background (attributed-to)
- npm @quick-start-soft/quick-git-clean-markdown (attributed-to)
- npm @quick-start-soft/quick-document-translator (attributed-to)
- npm @quick-start-soft/quick-markdown-image (attributed-to)
- npm @quick-start-soft/quick-task-refine (attributed-to)
- npm @asyncapi/modelina (attributed-to)
- npm posthog-react-native (attributed-to)
- npm posthog-node (attributed-to)
- npm @postman/secret-scanner-wasm (attributed-to)
- npm @postman/csv-parse (attributed-to)
- npm @postman/node-keytar (attributed-to)
- npm @postman/tunnel-agent (attributed-to)
- npm @postman/wdio-allure-reporter (attributed-to)
- npm @postman/postman-mcp-cli (attributed-to)
- npm @postman/mcp-ui-client (attributed-to)
- npm @postman/wdio-junit-reporter (attributed-to)
- npm @postman/pm-bin-macos-arm64 (attributed-to)
- npm @postman/pm-bin-linux-x64 (attributed-to)
- npm @postman/aether-icons (attributed-to)
- pypi pytorch-lightning (attributed-to)
Indicators
- domain webhook.site (communicates-with)
- sha256 bc18414929992e8e8d2211f9c51ebc7241294a1af3cfdbdd5ca417974b2dac0b (indicates)
- sha256 46faab8ab153fae6e80e7cca38eab363075bb524edd79e42269217a083628f09 (indicates)
- email scttcper@gmail.com (exfiltrates-to)
- email github_token@github.com (exfiltrates-to)
- sha256 62ee164b9b306250c1172583f138c9614139264f889fa99614903c12755468d0 (indicates)
- sha256 a3894003ad1d293ba96d77881ccd2071446dc3f65f434669b49b3da92421901a (indicates)
- sha256 3071422c3294e7b61cb490c57c48c8dea569bacf12e57a078293b6547d7586d3 (indicates)
- sha256 56070a9d8de0c0ffb1ec5c309953cf4679432df5a78df9aeb020fbb73d2be9fb (indicates)
- sha256 5f5852b5f604369945118937b058e49064612ac69826e0adadca39a357dfb5b1 (indicates)
- sha256 d2815d425ae08cc627f1db69009442165f8bbc64b7e9157e2ff9d7aab02094d4 (indicates)
- sha256 8046a11187c135da6959862ff3846e99ad15462d2ec8a2f77a30ad53ebd5dcf2 (indicates)
- sha256 2d4e21d2e78d0868ce7894487e67c67f929d8d81d78c5b07a3ad225b13eae890 (indicates)
Techniques
- ttp T1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Tools (uses)
- ttp T1059.007 Command and Scripting Interpreter: JavaScript (uses)
- ttp T1552.001 Unsecured Credentials: Credentials In Files (uses)
- ttp T1041 Exfiltration Over C2 Channel (uses)
- ttp T1528 Steal Application Access Token (uses)
- ttp T1105 Ingress Tool Transfer (uses)
- ttp T1071.001 Application Layer Protocol: Web Protocols (uses)
- ttp T1102 Web Service (uses)
- ttp T1546 Event Triggered Execution (uses)
- ttp T1021 Remote Services (uses)
- ttp T1098 Account Manipulation (uses)
- ttp T1027 Obfuscated Files or Information (uses)
- ttp T1059.006 Command and Scripting Interpreter: Python (uses)
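The description above explains the worm's two footholds on a victim machine: a dependency whose npm install lifecycle script executes code, and the loader file that script runs. The following triage script, an added example written for this page and not code from the campaign, any vendor, or the affected projects, walks a checkout or node_modules tree, reports every dependency that declares an install hook, and hashes every file against the SHA-256 values from the Indicators list. The loader file names it flags (bundle.js for the September wave, setup_bun.js and bun_environment.js for the November wave) are assumptions taken from public reporting rather than from this page's indicator list; the sample tree it scans is constructed inline and contains no real worm code.

```python
"""Offline triage of a project tree for the worm's two footholds: dependencies whose
install lifecycle scripts execute code, and files matching this page's SHA-256 IOCs."""
import hashlib
import json
import tempfile
from pathlib import Path

# SHA-256 values copied from this page's Indicators list.
IOC_SHA256 = {
    "bc18414929992e8e8d2211f9c51ebc7241294a1af3cfdbdd5ca417974b2dac0b",
    "46faab8ab153fae6e80e7cca38eab363075bb524edd79e42269217a083628f09",
    "62ee164b9b306250c1172583f138c9614139264f889fa99614903c12755468d0",
    "a3894003ad1d293ba96d77881ccd2071446dc3f65f434669b49b3da92421901a",
    "3071422c3294e7b61cb490c57c48c8dea569bacf12e57a078293b6547d7586d3",
    "56070a9d8de0c0ffb1ec5c309953cf4679432df5a78df9aeb020fbb73d2be9fb",
    "5f5852b5f604369945118937b058e49064612ac69826e0adadca39a357dfb5b1",
    "d2815d425ae08cc627f1db69009442165f8bbc64b7e9157e2ff9d7aab02094d4",
    "8046a11187c135da6959862ff3846e99ad15462d2ec8a2f77a30ad53ebd5dcf2",
    "2d4e21d2e78d0868ce7894487e67c67f929d8d81d78c5b07a3ad225b13eae890",
}

# npm runs these scripts automatically during install; a dependency that defines one
# gets code execution on every machine that installs it (T1546 on this page).
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Loader file names reported for the worm's install hooks: bundle.js in the September
# wave, setup_bun.js / bun_environment.js in the November wave. Assumed names taken
# from public reporting, not from this page's indicator list; extend as needed.
SUSPECT_FILES = {"bundle.js", "setup_bun.js", "bun_environment.js"}


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large vendored binaries do not load into RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_tree(root, ioc_hashes=IOC_SHA256):
    """Return sorted (kind, location, detail) findings for everything under root."""
    root = Path(root)
    findings = []
    for manifest_path in root.rglob("package.json"):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue
        if not isinstance(manifest, dict):
            continue
        scripts = manifest.get("scripts")
        if not isinstance(scripts, dict):
            continue
        for hook in LIFECYCLE_HOOKS:
            if hook in scripts:
                name = manifest.get("name", "?")
                findings.append(("lifecycle-script", name, f"{hook}: {scripts[hook]}"))
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if path.name in SUSPECT_FILES:
            findings.append(("suspect-filename", rel, path.name))
        digest = sha256_of(path)
        if digest in ioc_hashes:
            findings.append(("ioc-hash", rel, digest))
    return sorted(findings)


def build_sample_tree(base: Path) -> Path:
    """Constructed fixture (no real worm code): one clean dependency and one
    dependency shaped like a trojanized release. Returns the fake loader's path."""
    clean = base / "node_modules" / "left-pad"
    clean.mkdir(parents=True)
    (clean / "package.json").write_text(json.dumps({"name": "left-pad", "version": "1.3.0"}))
    bad = base / "node_modules" / "@example" / "colors"
    bad.mkdir(parents=True)
    (bad / "package.json").write_text(json.dumps({
        "name": "@example/colors", "version": "4.1.2",
        "scripts": {"postinstall": "node bundle.js"},
    }))
    loader = bad / "bundle.js"
    loader.write_text("// constructed stand-in for the install-hook loader\n")
    return loader


def demo():
    """Scan the fixture. The fixture loader's own hash is added to the IOC set so the
    hash-match path is exercised; a real sweep uses IOC_SHA256 as-is."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        loader = build_sample_tree(base)
        return scan_tree(base, IOC_SHA256 | {sha256_of(loader)})


if __name__ == "__main__":
    for kind, where, detail in demo():
        print(f"{kind:17} {where:45} {detail}")
```

Run it unchanged to see the three finding kinds on the fixture, or call `scan_tree("/path/to/checkout")` after `npm ci` on a real tree. A lifecycle-script hit is a review item, not a verdict: native addons legitimately build from an `install` script, so read the command and compare the package version against the list above. Where the build tolerates it, installing with `npm ci --ignore-scripts` or an `.npmrc` containing `ignore-scripts=true` removes the execution path the worm depends on, and a hash or filename hit means the host's npm, GitHub and cloud credentials should be treated as exposed and rotated.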
