1. Threat Overview
Malware has been identified in the npm package 'node-ipc' and in the GitHub Action 'actions-cool/issues-helper'. The activity involves credential theft and supply chain compromise, and is attributed to new actors deploying Shai-Hulud clones and compromising @antv packages on npm.
2. Key Intelligence Points
1. The 'node-ipc' npm package has been infected with a credential stealer.
2. The 'actions-cool/issues-helper' GitHub Action has been compromised; all of its tags are affected, so workflows that reference it are exposed to supply chain attacks.
3. New actors are deploying Shai-Hulud clones, copies of the original Shai-Hulud malware.
4. The attacks also compromise @antv packages on npm, which could seed further supply chain attacks.
3. MITRE ATT&CK Techniques
T1204.001 User Execution: Malicious File
T1568.002 Dynamic Resolution: Domain Name System
4. Indicators of Compromise (IOCs) / Affected Systems
node-ipc
actions-cool/issues-helper
Shai-Hulud clones
5. Mitigation & Detection
Update the 'node-ipc' package to a secure version and monitor GitHub Actions workflows for suspicious activity.
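As an added defensive check that is not part of this report, the following Python script scans a package-lock.json for the 'node-ipc' package and a workflow file for steps that reference 'actions-cool/issues-helper' or that pin an action to a mutable tag instead of a full commit SHA. The sample lockfile, the sample workflow and the watch lists are constructed for illustration from the names in the report.

```python
import json
import re

# Constructed sample inputs (not data from the report): a package-lock.json
# fragment and a workflow referencing the affected action.
SAMPLE_LOCK = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "node_modules/node-ipc": {"version": "9.1.1"},
        "node_modules/js-queue": {"version": "2.0.2"},
    },
})
SAMPLE_WORKFLOW = """
name: triage
on: [issues]
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions-cool/issues-helper@v3
      - uses: actions-cool/issues-helper@0123456789abcdef0123456789abcdef01234567
"""

# Watch lists taken from the report above.
WATCHED_PACKAGES = {"node-ipc"}
WATCHED_ACTIONS = {"actions-cool/issues-helper"}
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([\w.-]+/[\w.-]+)(?:/[^@\s]*)?@(\S+)", re.M)


def find_watched_packages(lock_json: str) -> list[tuple[str, str]]:
    """Return (name, version) for lockfile entries on the package watch list."""
    hits = []
    for path, meta in json.loads(lock_json).get("packages", {}).items():
        name = path.rsplit("node_modules/", 1)[-1]
        if name in WATCHED_PACKAGES:
            hits.append((name, meta.get("version", "?")))
    return hits


def find_risky_action_refs(workflow_text: str) -> list[tuple[str, str, str]]:
    """Return (action, ref, reason) for each 'uses:' step that needs review."""
    findings = []
    for action, ref in USES_RE.findall(workflow_text):
        if action in WATCHED_ACTIONS:
            findings.append((action, ref, "reported compromised; all tags affected"))
        elif not SHA_RE.match(ref):
            findings.append((action, ref, "not pinned to a full commit SHA"))
    return findings
```

Because the report states that every tag of the action is affected, the check flags references to it even when they are pinned to a commit, leaving the decision to a human reviewer.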