Overview
- Security teams reported on Monday, June 1, 2026, that at least 32 package releases in the @redhat-cloud-services npm namespace contained unauthorized, obfuscated preinstall hooks that run during npm install.
- Analysis shows the payload is a Mini Shai‑Hulud–derived worm that harvests GitHub Actions secrets, npm tokens, SSH/Git keys and cloud credentials and adds new collectors for Google Cloud and Azure identities.
- Stolen data is encrypted and sent to api.anthropic[.]com with public GitHub commits used as a fallback, and the malware attempts persistence in developer tools and CI runners so uninstalling packages alone is not enough.
- Most malicious package versions were revoked by registry operators after the discovery, but investigators warn some tainted releases remained and recommend rotating all exposed credentials, suspending affected CI workflows, and removing or pinning packages.
- Researchers say the tactics match TeamPCP’s public Mini Shai‑Hulud tooling but stop short of firm attribution because the original code is publicly available, and they urge organizations to audit developer workstations, build logs, and artifact provenance.