If you need some motivation to keep from eating too much this Thanksgiving, here it is: Doctors in Romania pulled an 11 cm (4.3 inch) living, writhing round worm from a woman’s left eyelid.

According to a report in the New England Journal of Medicine, the worm likely hatched from a hard lump in her right temple, which the woman recalled first spotting a month beforehand. She also noticed that the nodule had vanished just a day before the worm apparently made a squiggly run for her eye.

When she went to an ophthalmologist the next day, doctors immediately noted the “mobile lesion” on her eyelid, which was in the suspicious shape of a bunched-up worm just under her skin with a little redness and swelling.

Read full article

Comments

A new iteration of the Shai-Hulud malware that ran through npm repositories in September is faster, more dangerous, and more destructive, creating huge numbers of malicious repositories, compromised scripts, and GitHub users attacked, creating one of the most significant supply chain attacks this year.

The post The Latest Shai-Hulud Malware is Faster and More Dangerous appeared first on Security Boulevard.

A new Shai-Hulud supply chain attack has hit nearly 500 npm packages with a total of 132 million monthly downloads. The latest campaign follows one in September that infected nearly 200 npm packages with more than 2 billion weekly downloads. The new campaign targeting the packages used to run JavaScript outside of a browser was reported by Aikido and other security firms. Aikido noted that a total of 492 packages have been affected by the self-replicating worm, and more than 25,000 compromised repositories labeled “Sha1-Hulud: The Second Coming” have been created containing sensitive information like passwords, API keys, cloud tokens, and GitHub or npm credentials. “The timing is notable, given npm’s recent announcement that it will revoke classic tokens on December 9 after the wave of supply-chain attacks,” Aikido’s Charlie Eriksen said. “With many users still not migrated to trusted publishing, the attacker seized the moment for one more hit before npm’s deadline.”

Shai-Hulud Attack Affects Packages from Zapier, AsyncAPI and Others

Shai-Hulud, named after the giant sandworms from Dune, is a self-replicating npm worm built to spread quickly through compromised developer environments. The latest attack has hit major npm packages from the likes of Zapier, ENS, AsyncAPI, PostHog, Browserbase, and Postman. “Once it infects a system, it searches for exposed secrets such as API keys and tokens using TruffleHog and publishes anything it finds to a public GitHub repository,” Eriksen said. “It then attempts to push new copies of itself to npm, helping it propagate across the ecosystem, while exfiltrating data back to the attacker.” If a developer installs one of these malcicious packages, the malware runs quietly during installation before anything even finishes installing, giving the malware access to the developer’s machine, build systems, or cloud environment, he said. If stolen secrets include access to code repositories or package registries, attackers can use those secrets to break into additional accounts and publish more malicious packages, spreading the attack even further. “Because trusted ecosystems were involved and millions of downloads are affected, any team using NPM should immediately check whether they were impacted and rotate any credentials that may have leaked,” Eriksen said.

Shai-Hulud Worm Details

Ashish Kurmi of Step Security noted that the latest evolution of the malware “disguises the entire payload as a helpful Bun installer.” The core payload - bun_environment.js - is 10MB and uses “extreme obfuscation techniques,” Kurmi added. These include “a massive hex-encoded string array containing thousands of entries,” an anti-analysis loop “that performs millions of arithmetic operations,” and every string in the code is retrieved through an obfuscated function. The malware delays full execution on developer machines by “forking itself into the background,” Kurmi said. “The user’s terminal returns instantly, giving the illusion of a normal install, while seconds later a completely detached process begins exfiltration.” “It executes a sophisticated, multi-stage pre-install attack that targets both CI/CD runners and developer workstations with equal effectiveness,” Kurmi said. Wiz noted that the malware targets AWS, Azure and Google Cloud Platform (GCP) by “bundling official SDKs to operate independently of host tools.”

AttackIQ has released a new assessment template designed to emulate the various post-compromise Tactics, Techniques, and Procedures (TTPs) associated with a recent intrusion targeting Ukrainian organizations that aligns with patterns previously associated with Sandworm. While attribution remains unconfirmed, this assessment helps defenders improve their security posture against similarly sophisticated and persistent threats.

The post Emulating the Destructive Sandworm Adversary appeared first on AttackIQ.

The post Emulating the Destructive Sandworm Adversary appeared first on Security Boulevard.

Security researchers have uncovered a large-scale spam campaign within the npm ecosystem, now known as the IndonesianFoods worm. The attack involves over 43,000 spam packages published across at least 11 user accounts over the past two years. Rather than attempting to steal credentials or data, this worm focuses on polluting the npm registry with junk packages, an attack that nearly doubles the known number of malicious npm packages in existence.  The spam campaign began more than two years ago and has continued systematically, flooding the registry with dormant payloads disguised as legitimate projects. Paul McCarty’s investigation revealed that the worm had been quietly operating across multiple accounts, making it harder for detection systems to identify the scale of the operation. 

The Naming Scheme Behind the “IndonesianFoods Worm” 

The IndonesianFoods worm derives its name from its distinctive naming scheme and the internal dictionaries embedded within its malicious code. The script uses two lists, one containing Indonesian personal names such as andi, budi, cindy, and zul, and another containing Indonesian food terms like rendang, sate, bakso, and tapai.  When executed, the script randomly selects one name, one food term, adds a random number between 1 and 100, and appends a suffix like “-kyuki” or “-breki.” Examples of generated package names include “andi-rendang23-breki” and “zul-tapai9-kyuki.” This combination of names and foods gives the worm both its unique identity and its connection to Indonesia, which inspired its name.  McCarty stated that the attack “focuses on creating new packages rather than stealing credentials or engaging in other immediately malicious behavior.” Instead, it exploits npm’s open publishing model to overwhelm the registry with automated spam, disrupting developers, and polluting search results. 

Accounts and Behavior of the Spam Campaign 

The IndonesianFoods worm has been traced to at least 11 npm accounts, including voinza, yunina, noirdnv, veyla, vndra, vayza, doaortu, jarwok, bipyruss, sernaam.b.y, and rudiox. Each of these accounts was created specifically for this operation, collectively responsible for publishing thousands of packages. None of them appears to be compromised by legitimate users.  Once the malware is triggered, typically through a file like auto.js, it modifies the package.json file, assigns random version numbers, and publishes new packages continuously using the npm publish command. This happens in an infinite loop, creating a new spam package roughly every seven seconds. The result is an ongoing flood of junk data that strains npm’s infrastructure and risks contaminating legitimate dependency chains if developers accidentally install one of the packages.  Though the payload does not directly steal data or credentials, it turns the npm registry itself into an attack vector, weaponizing its openness to spread an enormous volume of fake packages. 

Conclusion 

The IndonesianFoods worm exposes how modern spam campaigns in software supply chains rely on automation and persistence to evade detection. Over two years, attackers, possibly linked to Indonesia, published tens of thousands of malicious npm packages, undermining trust in open ecosystems.   With threats growing more coordinated, Cyble’s AI-native threat intelligence platform helps organizations detect, predict, and neutralize new cyber risks. Book a free demo to uncover vulnerabilities and strengthen your defense against large-scale attacks like the IndonesianFoods worm. 

Cyble Research and Intelligence Labs (CRIL) have uncovered a cyber-espionage operation that used a weaponized ZIP archive to infiltrate defense-sector systems. The malicious file—disguised as a Belarusian military document titled “ТЛГ на убытие на переподготовку.pdf” (“TLG for departure for retraining.pdf”)—delivered a highly advanced backdoor capable of establishing covert access through SSH and Tor.  The campaign specifically leveraged the Belarusian military theme to deceive personnel linked to Special Operations Command and those specializing in UAV or drone operations. CRIL’s findings suggest the attack aimed to gather intelligence about the region’s unmanned aerial capabilities or possibly mask the attacker’s true identity through a false-flag narrative.  This operation builds on methods first observed in the December 2024 “Army+” campaign, previously attributed to the Sandworm group (APT44/UAC-0125). The October 2025 version shows notable technical evolution, employing improved obfuscation, operational security, and anonymization measures. 

Infection Chain and Anti-Detection Measures 

The malicious ZIP archive was carefully constructed to evade both human suspicion and automated detection. Inside the ZIP archive, the victim would find an LNK shortcut masquerading as a PDF file and a hidden folder named “FOUND.000” containing another compressed file, persistentHandlerHashingEncodingScalable.zip. When executed, the LNK shortcut launched an obfuscated PowerShell script instead of opening a legitimate document.  The PowerShell payload extracted files to the %appdata%\logicpro directory and ran additional code that maintained stealth through obfuscation and environmental awareness. Before executing, it checked that the infected system contained at least ten recent shortcut files and fifty or more running processes—conditions typical of real user environments but not sandboxes. If these checks fail, the script terminates, effectively bypassing automated malware analysis systems.  While the decoy PDF was opened to distract the victim, the malware silently proceeded to install persistent services in the background. 

Scheduled Tasks, Persistence, and Backdoor Setup 

Persistence was achieved through scheduled tasks created using XML templates extracted from the ZIP archive. Two tasks were registered: one to deploy OpenSSH for Windows (renamed as githubdesktop.exe) and another to run a modified Tor client (renamed as pinterest.exe).  The OpenSSH binary established a local SSH service on port 20321 using only RSA key-based authentication, disabling passwords entirely. The authorized keys and configuration files were stored in hidden directories under AppData\Roaming\logicpro. In parallel, the Tor service created a hidden .onion address and forwarded several critical ports: 

• SSH (20322 → 127.0.0.1:20321) 
• SMB (11435 → 127.0.0.1:445) 
• RDP (13893 → 127.0.0.1:3389) 

To conceal traffic, the malware employed the obfs4 protocol, disguising Tor communications as legitimate network traffic. Two bridge relays—77.20.116.133:8080 and 156.67.24.239:33333—served as entry points into the Tor network.  Once connected, the malware generated a unique .onion hostname and sent it to the attacker’s command-and-control server via a curl command routed through the Tor SOCKS5 proxy. The command used 1,000 retries with three-second intervals to ensure successful data delivery. This process gave the attacker continuous, anonymous access to the compromised host. 

Attribution, Impact, and Defensive Measures 

CRIL’s analysis confirmed that the backdoor allowed full remote access through SSH, RDP, SFTP, and SMB channels, all tunneled through Tor for anonymity. Analysts verified the backdoor’s functionality by establishing a controlled SSH session using the embedded RSA keys and proxy configuration. No secondary payloads or lateral movements were detected, suggesting the attackers were in the reconnaissance phase.  The October 2025 sample closely resembles techniques used in the December 2024 Army+ campaign attributed to Sandworm (APT44). The overlap includes double-extension lures, scheduled task persistence, and the integration of OpenSSH and Tor for covert tunneling. Sandworm, associated with Russia’s GRU Unit 74455, has a long history of targeting Ukraine’s infrastructure, including the BlackEnergy attacks in 2015, the NotPetya outbreak in 2017, and a 2023 breach of Kyivstar.  Despite these similarities, CRIL maintains moderate confidence in linking this operation directly to Sandworm. The Belarusian military focus could reflect either an intelligence-gathering mission or a deliberate misdirection tactic.  To mitigate such threats, CRIL recommends that defense organizations: 

• Strengthen email filtering to detect nested or double-extension ZIP archives. 
• Train personnel to verify document authenticity through secondary channels. 
• Deploy a behavioral endpoint detection capable of flagging suspicious PowerShell activity and unauthorized scheduled tasks. 
• Block or monitor Tor and obfs4 traffic at the network level. 
• Audit SSH key usage and identify any OpenSSH instances running on non-standard ports. 

At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more credentials every time an infected package is installed.

The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel series — because it publishes any stolen credentials in a new public GitHub repository that includes the name “Shai-Hulud.”

“When a developer installs a compromised package, the malware will look for a npm token in the environment,” said Charlie Eriksen, a researcher for the Belgian security firm Aikido. “If it finds it, it will modify the 20 most popular packages that the npm token has access to, copying itself into the package, and publishing a new version.”

At the center of this developing maelstrom are code libraries available on NPM (short for “Node Package Manager”), which acts as a central hub for JavaScript development and provides the latest updates to widely-used JavaScript components.

The Shai-Hulud worm emerged just days after unknown attackers launched a broad phishing campaign that spoofed NPM and asked developers to “update” their multi-factor authentication login options. That attack led to malware being inserted into at least two-dozen NPM code packages, but the outbreak was quickly contained and was narrowly focused on siphoning cryptocurrency payments.

In late August, another compromise of an NPM developer resulted in malware being added to “nx,” an open-source code development toolkit with as many as six million weekly downloads. In the nx compromise, the attackers introduced code that scoured the user’s device for authentication tokens from programmer destinations like GitHub and NPM, as well as SSH and API keys. But instead of sending those stolen credentials to a central server controlled by the attackers, the malicious nx code created a new public repository in the victim’s GitHub account, and published the stolen data there for all the world to see and download.

Last month’s attack on nx did not self-propagate like a worm, but this Shai-Hulud malware does and bundles reconnaissance tools to assist in its spread. Namely, it uses the open-source tool TruffleHog to search for exposed credentials and access tokens on the developer’s machine. It then attempts to create new GitHub actions and publish any stolen secrets.

“Once the first person got compromised, there was no stopping it,” Aikido’s Eriksen told KrebsOnSecurity. He said the first NPM package compromised by this worm appears to have been altered on Sept. 14, around 17:58 UTC.

The security-focused code development platform socket.dev reports the Shai-Halud attack briefly compromised at least 25 NPM code packages managed by CrowdStrike. Socket.dev said the affected packages were quickly removed by the NPM registry.

In a written statement shared with KrebsOnSecurity, CrowdStrike said that after detecting several malicious packages in the public NPM registry, the company swiftly removed them and rotated its keys in public registries.

“These packages are not used in the Falcon sensor, the platform is not impacted and customers remain protected,” the statement reads, referring to the company’s widely-used endpoint threat detection service. “We are working with NPM and conducting a thorough investigation.”

A writeup on the attack from StepSecurity found that for cloud-specific operations, the malware enumerates AWS, Azure and Google Cloud Platform secrets. It also found the entire attack design assumes the victim is working in a Linux or macOS environment, and that it deliberately skips Windows systems.

StepSecurity said Shai-Hulud spreads by using stolen NPM authentication tokens, adding its code to the top 20 packages in the victim’s account.

“This creates a cascading effect where an infected package leads to compromised maintainer credentials, which in turn infects all other packages maintained by that user,” StepSecurity’s Ashish Kurmi wrote.

Eriksen said Shai-Hulud is still propagating, although its spread seems to have waned in recent hours.

“I still see package versions popping up once in a while, but no new packages have been compromised in the last ~6 hours,” Eriksen said. “But that could change now as the east coast starts working. I would think of this attack as a ‘living’ thing almost, like a virus. Because it can lay dormant for a while, and if just one person is suddenly infected by accident, they could restart the spread. Especially if there’s a super-spreader attack.”

For now, it appears that the web address the attackers were using to exfiltrate collected data was disabled due to rate limits, Eriksen said.

Nicholas Weaver is a researcher with the International Computer Science Institute, a nonprofit in Berkeley, Calif. Weaver called the Shai-Hulud worm “a supply chain attack that conducts a supply chain attack.” Weaver said NPM (and all other similar package repositories) need to immediately switch to a publication model that requires explicit human consent for every publication request using a phish-proof 2FA method.

“Anything less means attacks like this are going to continue and become far more common, but switching to a 2FA method would effectively throttle these attacks before they can spread,” Weaver said. “Allowing purely automated processes to update the published packages is now a proven recipe for disaster.”