Leaked Shai-Hulud Malware Fuels New npm Infostealer Campaign, Including DDoS Botnet
The recently leaked Shai-Hulud malware is already being weaponized in attacks targeting the **Node Package Manager (npm)** ecosystem. Malicious packages containing the malware have been discovered, designed to steal developer credentials, cryptocurrency wallet data, and even turn systems into DDoS bots.

The **Shai-Hulud** malware leaked last week is now being exploited in new attacks targeting the **Node Package Manager (npm)** index, with infected packages appearing over the weekend.
A threat actor operating under the account *deadcode09284814* published four malicious packages on npm. One of these packages embedded a non-obfuscated version of **Shai-Hulud**, targeting developer credentials, secrets, cryptocurrency wallet data, and account information.
All malicious packages were designed to exfiltrate sensitive information, such as credentials and configuration files. One package went further, turning the compromised system into a bot for distributed denial-of-service (DDoS) attacks.
### Typosquatting Attack
Researchers at **OXsecurity**, a company focused on application security, discovered these malicious uploads. The threat actor employed typosquatting techniques, using misspelled names to target **Axios** users, along with some generic names:
1. **chalk-tempalte** - Shai-Hulud clone (information stealer)
2. **@deadcode09284814/axios-util** - Credential and cloud config stealer
3. **axois-utils** - Infostealer + persistent DDoS botnet ("phantom bot")
4. **color-style-utils** - Basic infostealer targeting crypto wallets and IP info
According to the researchers, the *chalk-tempalte* package contains a clone of the **Shai-Hulud** malware, previously attributed to the **TeamPCP** hacker group, responsible for the recent [Mini Shai-Hulud software supply-chain attack](https://www.bleepingcomputer.com/news/security/shai-hulud-attack-ships-signed-malicious-tanstack-mistral-npm-packages/).
The malware surfaced on **GitHub** last week, accompanied by a message purportedly from **TeamPCP**: "Here We Go Again - Let the Carnage Continue. A Gift from TeamPCP."
The *chalk-tempalte* package marks the first documented instance of a **Shai-Hulud** clone being deployed on npm. However, **OXsecurity** notes that it's a basic example, essentially an unmodified copy of the leaked source code lacking any protective measures.
"One incriminating evidence that this is a different actor from **TeamPCP**, is that the **Shai-Hulud** malware code is an almost exact copy of the leaked source code, with no obfuscation techniques, which make the final version visually different from the original," **OXsecurity explains**.
The malware steals credentials, secrets, crypto wallet data, and account information, exfiltrating it to a command-and-control (C2) server at 87e0bbc636999b[.]lhr[.]life.
The code retains the **GitHub** publishing functionality, automatically uploading stolen credentials to public, auto-generated repositories.
### DDoS Capabilities
Of the four packages, *axois-utils* stands out due to its inclusion of DDoS capabilities, in addition to the information-stealing functionality common to all four packages.
The package supports HTTP, TCP, and UDP floods, as well as TCP reset attacks. Researchers also uncovered internal references to a "phantom bot."

*[Image: DDoS attack code. Source: OXsecurity]*
The [Shai-Hulud campaign](https://www.bleepingcomputer.com/news/security/shai-hulud-attack-ships-signed-malicious-tanstack-mistral-npm-packages/) has undergone multiple iterations [since September 2025](https://www.bleepingcomputer.com/news/security/self-propagating-supply-chain-attack-hits-187-npm-packages/), compromising developers' data by injecting malware into legitimate projects. Stolen credentials for accounts with publishing rights were then used to expose exfiltrated information in public **GitHub** repositories. These campaigns have been attributed to the **TeamPCP** hacker group.
In a previous report, **OXsecurity says** that threat actors quickly copied the malware source code and began modifying it to expand its capabilities.
Researchers advise developers who downloaded infected npm packages to remove them immediately and rotate their credentials and API keys on affected systems.
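As an added example (not code from the article or from OXsecurity), a short Node.js check a defender could run over a project's package.json: it flags the four package names listed above and any dependency within two edits of a popular name, the typosquatting pattern this campaign relied on. The allowlist of popular names and the sample package.json fragment are assumptions constructed for the demonstration.

```javascript
// Added example, not from the article or OX Security: audit parsed package.json
// dependency names against the packages named above and flag typosquat near-misses.
const KNOWN_MALICIOUS = new Set([
  'chalk-tempalte',
  '@deadcode09284814/axios-util',
  'axois-utils',
  'color-style-utils',
]);
// Constructed allowlist of the legitimate names this campaign imitated (assumption).
const POPULAR = ['axios', 'chalk', 'chalk-template'];

// Optimal-string-alignment distance: a swapped pair ("axois"/"axios") is one edit.
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Returns one finding per suspicious name in dependencies and devDependencies.
function auditDependencies(pkg) {
  const deps = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
  const findings = [];
  for (const name of Object.keys(deps)) {
    if (KNOWN_MALICIOUS.has(name)) {
      findings.push({ name, reason: 'known-malicious' });
      continue;
    }
    // Drop an npm scope and a -util/-utils suffix so "axois-utils" is compared to "axios".
    const base = name.replace(/^@[^/]+\//, '').replace(/-utils?$/, '');
    for (const good of POPULAR) {
      const dist = editDistance(base, good);
      if (dist > 0 && dist <= 2) findings.push({ name, reason: `near-miss of ${good} (distance ${dist})` });
    }
  }
  return findings;
}
// Constructed package.json fragment: a legitimate axios, one campaign package,
// and a made-up transposition ("aixos") that exercises the distance check.
const SAMPLE = { dependencies: { axios: '^1.6.0', 'axois-utils': '1.0.0', aixos: '0.1.0', chalk: '5.0.0' } };
console.log(auditDependencies(SAMPLE));
```

Near-miss hits still need a human look, since a legitimately short name can sit within two edits of a popular one; the denylist hits are the ones to act on immediately.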
**OXsecurity** reports that the four packages had a combined download count of 2,678.