OX Security — First Shai-Hulud Clones Hit npm with DDoS Botnet

AI relevance: The Shai-Hulud worm targets developer toolchains (npm, PyPI) widely used in AI/ML pipelines and AI agent ecosystems; its leaked source code is already spawning copycat infostealers and DDoS botnets that compromise developer machines feeding AI infrastructure.

What happened

Just days after TeamPCP released the Shai-Hulud supply-chain worm's source code on GitHub alongside a BreachForums bounty contest, OX Security detected the first documented clone deployed in the wild. A single threat actor operating under the npm account deadcode09284814 published four malicious packages over the weekend:

• chalk-tempalte — A near-exact, unobfuscated copy of the leaked Shai-Hulud source code, repointed at a new C2 server (87e0bbc636999b[.]lhr[.]life). Steals credentials, secrets, crypto wallets, and account info, then uploads them to auto-generated GitHub repos.
• @deadcode09284814/axios-util — Credential and cloud configuration stealer.
• axois-utils — Infostealer plus "phantom bot" DDoS capability supporting HTTP, TCP, and UDP floods as well as TCP reset attacks.
• color-style-utils — Basic infostealer targeting crypto wallets and IP information.

The actor used typosquatting to target Axios users and generic package names. Combined weekly downloads across the four packages reached ~2,678 before detection.

Why it matters

• Democratization of supply-chain malware. TeamPCP's source code release removed the technical barrier to entry. The chalk-tempalte clone was deployed with zero modifications beyond the C2 endpoint — any script kiddie can now run Shai-Hulud.
• Escalation beyond credential theft. The axois-utils package adds DDoS botnet functionality, showing copycats are extending the malware's capabilities rather than simply copying it.
• AI developer toolchain at risk. npm packages feed into AI agent build pipelines, coding assistants, and ML toolchains. Compromised developer machines become a lateral path into AI infrastructure.
• OX Security warns this is just phase one. "We're now seeing a single actor with multiple techniques and infostealer types spreading malicious code onto NPM, as it's just the first phase of an upcoming wave of supply chain attacks coming."

What to do

• Uninstall any of the four malicious packages immediately if present in your project dependencies.
• Scan IDE and coding agent configurations (Claude Code, Cursor, etc.) for malicious hooks or persistence.
• Rotate all credentials, API keys, and tokens on any machine that may have installed affected packages.
• Check GitHub for repositories containing the string "A Mini Sha1-Hulud has Appeared" — the malware auto-publishes stolen credentials there.
• Implement package-lock integrity checks and use automated dependency scanning (Spectra Assure, Socket, OX Security) in CI/CD pipelines.

Sources

• OX Security — New Actors Deploy Shai-Hulud Clones: TeamPCP Copycats Are Here
• BleepingComputer — Leaked Shai-Hulud malware fuels new npm infostealer campaign
• SecurityWeek — First Shai-Hulud Worm Clones Emerge
• The Register — Shai-Hulud copycat worm infects yet another npm package