npmの@antvパッケージがサプライチェーン攻撃で侵害される

Secure your dependencies with usSocket proactively blocks malicious open source packages in your code.InstallSocket’s Threat Research team is investigating an active npm supply chain attack involving compromised packages in the @antv ecosystem.The attack affects packages tied to the npm maintainer account atool, including echarts-for-react, a widely used React wrapper for Apache ECharts with roughly 1.1 million weekly downloads. Socket quickly detected the malicious publish wave and classified the affected versions as known malware.Socket’s internal review identified hundreds of unique packages. The pattern matches Mini Shai-Hulud, a high-volume npm compromise pattern involving coordinated malicious publishes across packages tied to a compromised maintainer account.The affected package set includes widely used @antv packages such as @antv/g2, @antv/g6, @antv/x6, @antv/l7, @antv/s2, @antv/f2, @antv/g, @antv/g2plot, @antv/graphin, and @antv/data-set, along with related packages outside the @antv namespace, including echarts-for-react, timeago.js, size-sensor, canvas-nest.js, and others.The potential blast radius is significant because the affected publishing account is connected to widely used packages across data visualization, graphing, mapping, charting, and React component ecosystems. Even if only a subset of those packages received malicious updates, the popularity of the package ecosystem creates meaningful downstream exposure for organizations that automatically pull new dependency versions.That scale makes this one of the larger npm supply chain incidents Socket has investigated recently.This is a developing story. Socket is continuing to investigate the full scope of the compromise and will update this post as additional affected packages, versions, and payload details are confirmed.Technical Analysis: Malicious Payload#Our review of compromised @antv artifacts identified an install-time payload consistent with the Mini Shai-Hulud supply-chain malware family. A root-level index.js payload modifies package.json to execute it during installation:"preinstall":"bun run index.js"The injected index.js file is heavily obfuscated. It uses a large string-array lookup table, runtime string decoding, and a custom decryptor exposed through globalThis as fc2edea72. Decoded strings reveal the primary exfiltration endpoint, GitHub API usage, npm registry API usage, lock-file paths, and internal execution markers. This obfuscation is designed to hide sensitive strings from simple static inspection and is consistent with prior Mini Shai-Hulud variants observed across npm supply-chain compromises.The payload establishes a hardcoded HTTPS exfiltration path: https://t[.]m-kosche[.]com:443/api/public/otel/v1/traces.Collected data is serialized, compressed with gzip, encrypted with AES-256-GCM, and the AES key is wrapped using RSA-OAEP with SHA-256 before transmission. This prevents defenders from easily recovering stolen plaintext from network telemetry.The payload targets developer and CI/CD environments. It searches for GitHub tokens, npm tokens, AWS credentials, Kubernetes service-account material, Vault tokens, SSH/private keys, Docker authentication files, database connection strings, and other high-value development secrets. It also contains logic for common CI/CD platforms, including GitHub Actions, GitLab CI, Travis CI, CircleCI, Jenkins, Azure DevOps, AWS CodeBuild, Buildkite, AppVeyor, Bitbucket Pipelines, Drone, Semaphore, TeamCity, Bamboo, Bitrise, Vercel, Netlify, and Cloudflare Pages.GitHub Fallback ExfiltrationIn addition to the direct HTTPS endpoint, the payload includes a GitHub-based fallback exfiltration mechanism. If it obtains a usable GitHub token, it can create a repository under the victim’s account and commit stolen data into files under a results/ directory, using paths that follow this pattern:results/results-<timestamp>-<counter>.jsonThis behavior aligns with the broader Mini Shai-Hulud pattern of abusing trusted developer platforms as exfiltration and staging infrastructure. Socket previously documented GitHub repository creation in Mini Shai-Hulud-linked campaigns, including repository names following a <word>-<word>-<3 digits> pattern and repository descriptions used as campaign markers.Public GitHub search results for the reversed phrase niaga og ew ereh :duluh-iahs currently show roughly 1.9k repositories using the marker niagA oG eW ereH :duluH-iahS, which reverses to Shai-Hulud: Here We Go Again. The visible repositories use Dune-themed names such as sayyadina-stillsuit-852, atreides-ornithopter-112, harkonnen-phibian-552, fremen-fedaykin-225, and kanly-lasgun-874.One observed repository, Zaynex/sayyadina-stillsuit-852, contains a results directory and a README containing the same reversed marker. This matches the payload’s GitHub repository exfiltration logic and suggests the GitHub fallback path is operational.GitHub search reveals a rapidly updating cluster of threat actor-created repositories using a reversed Shai-Hulud campaign marker and Dune-themed naming, supporting the assessment that the malware’s GitHub fallback exfiltration path is active at scale.npm Propagation LogicThe payload also contains npm registry abuse logic. It can validate npm tokens through npm registry APIs, enumerate packages maintainable by the token owner, download package tarballs, inject the malicious payload, add a preinstall hook, bump package versions, and republish modified packages under the compromised maintainer’s identity.The injected package modification follows this general pattern:{

"scripts": {

"preinstall":"bun run index.js"

※ 著作権に配慮し、引用は冒頭3段落までです。続きは元記事をご覧ください。