Shai Hulud attack ships signed malicious TanStack, Mistral NPM packages (www.bleepingcomputer.com)

🤖 AI Summary
A significant supply-chain attack has compromised hundreds of npm and PyPI packages with malware designed to steal developer credentials. Attributed to the TeamPCP threat group, the attack used hijacked OpenID Connect (OIDC) tokens to publish malicious versions of legitimate TanStack and Mistral AI packages, bypassing the usual publishing safeguards. Because the compromised releases carried SLSA Build Level 3 provenance attestations, they appeared legitimate, which allowed the malware to spread into popular projects such as Bitwarden CLI and Guardrails AI. Researchers reported over 160 compromised packages on npm and 416 across npm and PyPI combined, posing a severe risk to developers who may unknowingly install the malicious versions. The incident is significant for the AI/ML community because of its supply-chain implications, particularly as the malware targets credentials for several platforms, including GitHub Actions and AWS. The attackers chained multiple vulnerabilities to deliver the payload, using techniques such as GitHub Actions cache poisoning and abuse of orphaned commits. Because the malware disguises its activity as encrypted traffic, detection and mitigation are difficult. Security experts recommend immediate action by affected developers, including credential rotation and continuous monitoring. The incident underscores the need for stronger defenses, such as behavioral analysis and lockfile-only installs, to guard against future attacks on the software development ecosystem.