HomeIntelligenceBrief
BREACH BRIEF🟠 High ThreatIntel

Compromised @antv npm Packages Deploy Mini Shai‑Hulud Malware to Steal CI/CD Credentials Across Major Platforms

Threat actors hijacked popular @antv npm packages, inserting the Mini Shai‑Hulud payload that runs during `npm install` and siphons credentials for GitHub, AWS, Kubernetes, Vault, npm, and 1Password. Any organization that automatically trusts these packages in its CI/CD pipelines faces potential credential exposure and downstream cloud compromise, making this a high‑priority TPRM concern.

LiveThreat™ Intelligence · 📅 May 21, 2026· 📰 microsoft.com
🟠
Severity
High
TI
Type
ThreatIntel
🎯
Confidence
High
🏢
Affected
4 sector(s)
Actions
5 recommended
📰
Source
microsoft.com

Compromised @antv npm Packages Deploy Mini Shai‑Hulud Malware to Steal CI/CD Credentials Across GitHub, AWS, Kubernetes, Vault, npm, and 1Password

What Happened — Threat actors compromised several popular @antv npm packages. The malicious payload, dubbed Mini Shai‑Hulud, executes during npm install on Linux‑based CI/CD runners and harvests credentials for GitHub, AWS, Kubernetes, HashiCorp Vault, npm, and 1Password.

Why It Matters for TPRM

  • Supply‑chain compromise of a widely‑used JavaScript library can expose any downstream organization that automatically trusts npm packages.
  • Stolen CI/CD secrets enable attackers to pivot into cloud environments, exfiltrate data, or deploy ransomware.
  • Traditional perimeter defenses often miss malicious code that runs only during build pipelines.

Who Is Affected — Software development firms, cloud service providers, DevOps tooling vendors, and any organization that integrates @antv packages into automated build pipelines (spanning finance, healthcare, SaaS, and more).

Recommended Actions

  • Conduct an immediate inventory of all @antv npm dependencies across your codebase.
  • Enforce signed package verification (e.g., npm’s --verify-integrity or third‑party SBOM tools).
  • Rotate all CI/CD credentials and secrets stored in GitHub Actions, AWS IAM, Kubernetes service accounts, Vault, npm tokens, and 1Password.
  • Implement least‑privilege policies for service accounts and enforce short‑lived tokens.
  • Deploy runtime monitoring on build agents to detect anomalous credential access.

Technical Notes — The malware is delivered via a trojanized postinstall script in the compromised packages. It leverages standard Node.js APIs to locate credential files and environment variables, then exfiltrates them to attacker‑controlled endpoints. No CVE is directly involved; the attack vector is a third‑party dependency supply‑chain compromise. Source: Microsoft Security Blog

📰 Original Source
https://www.microsoft.com/en-us/security/blog/2026/05/20/mini-shai-hulud-compromised-antv-npm-packages-enable-ci-cd-credential-theft/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Vendor Risk Hub

This is the scenario continuous vendor monitoring is built to catch.

When a vendor is compromised, your SOC 2 vendor-management controls are what produce the audit trail showing you knew, assessed, and acted. The Verisq AI Trust Operations platform tracks that continuously.

Explore the Verisq AI Trust Operations platform →