SlowMist is a Blockchain security firm established in 2018, providing services such as security audits, security consultants, red teaming, and more.
Joined April 2018
- Tweets 4,065
- Following 406
- Followers 88,616
- Likes 3,389
1,125 Photos and videos
Pinned Tweet
8 Dec 2025
Recently, we’ve shipped a small but solid update to the Crypto Asset Tracing Handbook! 📘✨
📖Updated version on GitHub:
github.com/slowmist/Crypto-A…
🚀These additions expand the handbook’s coverage of cross-chain and laundering patterns — topics that many readers have been asking for:
1️⃣More bridge explorer links🔗:
• Squid
• Orbiter
• TeleSwap
2️⃣Two new case studies🔍:
• BTC Laundering Loops via Hyperunit
• Cross-Chain Source Analysis via Stargate Finance
If you’ve already read the handbook, this update makes it even more actionable. If you haven’t yet — now’s a great time to dive in.
🛡️We’ll keep refining the handbook over time to make on-chain tracing knowledge accessible to everyone in the crypto ecosystem.
31
30
138
101,987
Jun 12
✍️ Technical Analysis Published: From Python to Bun - Cross-Runtime Attack Chain Analysis of the Shai-Hulud Hades
MistEye has uncovered a new Shai-Hulud Hades variant targeting PyPI with a novel cross-runtime attack chain.
Malicious packages (e.g. openai_mcp-2.41.2, bramin-0.0.4) drop .pth files that auto-execute on Python interpreter startup. The payload silently checks for the Bun runtime — if absent, it downloads the official Bun binary from GitHub Releases, then executes a multi-layer obfuscated JavaScript payload (_index.js) for credential theft and post-exploitation.
This variant shares the same RSA public keys and infrastructure as previous Shai-Hulud campaigns (including the recent Red Hat Cloud Services npm poisoning).
Key capabilities include:
🔹 GitHub PAT / npm / AWS / cloud credential harvesting
🔹 Encrypted exfiltration (RSA-OAEP)
🔹 Persistence via systemd/launchd workspace propagation
🔹 CI/CD & GitHub Actions injection
🔹 AI-evasion via WMD-themed decoy comments
📖 Full technical analysis:
slowmist.medium.com/threat-i…
3
4
18
3,120
Jun 12
⚠️Supply chain poisoning is continuously evolving, making dependency scanning a necessary part of routine security practices.
MistEye DepScan: an open-source CLI tool by SlowMist, powered by threat intelligence, designed to detect malicious packages across npm, PyPI, Rust, Go, and RubyGems. It supports CI/CD integration with JSON / SARIF output.
More details👉github.com/slowmist/MistEye-…
4
2,098
Jun 7
🚨SlowMist TI Alert🚨
💸 Loss: 14.411518807585587 ETH
🔍 Root Cause: Storage slot collision between `ATOHook.rewards` mapping slot and Solady `ReentrancyGuard` fixed slot (`0x02215292eb9609279094554c6e223f800950648ddfa3da30329838d6c170928d`). The `nonReentrant` modifier in `getReward()` writes sentinel value `0xffffffffffffff` to the guard slot, which is simultaneously read as `rewards[attackContract]` due to the collision. This inflated reward is paid as ETH each call, allowing 200 repeated claims.
📌 Attacker (EOA): 0x2d2aafc193c24e59bd16139056ac9b4df4d37ad0
📌 Victim Contract: 0xa10de71ddb4e0d51938ef6e0118822e157a62888
📌 Attack Contract: 0x2441e480f62bf609a08da09143e4baf8a817d757
Storage collision between reward accounting and reentrancy guard enables unlimited reward drainage.
Powered by #SlowMist.AI
etherscan.io/tx/0xe4e2cc3b06…
9
7
66
48,019
Jun 5
🚨SlowMist TI Alert🚨
$DTXT/USDT Pair on BSC Drained Due to Spoofable Liquidity-Addition Detection Logic
Root cause:
DTXT determines whether an action is liquidity addition, liquidity removal, or a sell by comparing the difference between USDT.balanceOf(pair) and the Pair’s reserves. The attacker was able to transfer a tiny amount of USDT directly to the Pair, causing a large DTXT sell to be misclassified as liquidity addition, thereby bypassing the sell fee / swapFee logic.
Primitive:
Flash-loan-assisted liquidity addition/removal 1 wei USDT Pair balance spoofing direct Pair.swap to drain USDT.
Profit:
Approximately 35,041.106 USDT, after repaying a 1,077,366.001021 USDT flash loan from Moolah.
Related wallet addresses:
Attacker EOA: 0xd304ea1592f733e0a46436a01fe54bd504009526
Attack contract: 0x3065bc8ed8bd53bdc3fd4633c3097c40726b5f5f
Helper: 0xd2453ff82e1c5b568ddb260f1f0bb95169895428
DTXT: 0xac9bf7c320d4ce2d0ac978b83955dd67351897d2
DTXT/USDT Pair: 0x90bfc1dbc878ba54858ba8a635b3daebd2ac6c01
Tx:
bscscan.com/tx/0x07ba2ccf2b5…
4
4
36
6,306
Jun 4
✍️ Technical Analysis Published: Red Hat Cloud Services npm Package Supply Chain Poisoning
MistEye detected that multiple npm packages under the @redhat-cloud-services organization (a total of 32 packages and 96 versions) were implanted with a multi-layer obfuscated malicious loader, which is automatically triggered during installation via the preinstall hook.
After full reconstruction, the core payload is confirmed to be a variant of the Shai-Hulud malware family, possessing a wide range of advanced capabilities, including:
🔹GitHub Actions Runner memory reading
🔹Multi-cloud and local credential harvesting
🔹GitHub API exfiltration and dead-drop communication
🔹GitHub workflow injection
🔹npm self-propagation
🔹Persistence via Claude Code / VS Code / systemd / LaunchAgent
🔹Harden-Runner / StepSecurity evasion
🔹EDR/security product detection
We performed full deobfuscation and capability reconstruction on the following three samples:
• @redhat-cloud-services/frontend-components-config@6.11.3
• @redhat-cloud-services/types@3.6.1
• @redhat-cloud-services/rule-components@4.7.2
The report provides a detailed breakdown of the complete multi-stage attack chain, from the outer ROT AES-GCM layers through multiple obfuscation stages to the final payload execution.
📖 Full technical analysis:
medium.com/@slowmist/threat-…
2
5
21
4,351
Jun 4
🚨 SlowMist TI Alert 🚨
A new Rust-based supply-chain malware campaign, IronWorm, actively targeting developer environments and Web3/crypto ecosystems via malicious npm packages.
Potential attacker actions include credential theft, wallet seed and password theft, GitHub repository tampering, malicious package publishing, CI/CD secret exfiltration, Tor-based command-and-control, and stealth via an eBPF rootkit.
Security teams should audit repositories for backdated commits, suspicious branches, unexpected build hooks, and commits attributed to automation-like identities such as claude, dependabot, renovate, or github-actions. Remove or deprecate affected package versions, publish clean releases, rotate all exposed secrets and tokens, review GitHub Actions artifacts, and rebuild potentially compromised developer or CI systems from clean images.
Thanks to @JFrogSecurity for the discovery and excellent analysis.
As always, stay vigilant!
enterprise.misteye.io/threat…
6
7
20
7,659
Jun 2
🚨 SlowMist TI Alert 🚨
MistEye has detected an active npm supply-chain attack compromising @redhat-cloud-services packages. Reported impact includes 31 affected packages, about 116,282 weekly downloads, and 300 GitHub repositories containing stolen credentials. The attack techniques show strong similarities to the previous Shai-Hulud npm campaign, including credential harvesting, malicious repository creation, and automated secret exfiltration. Public GitHub searches for the “Miasma: The Spreading Blight” marker, sorted by recent updates, still show newly appearing suspicious repositories, indicating that users are still being compromised.
Potential attacker actions include GitHub/npm token theft, AWS/GCP/Azure credential theft, SSH key and Kubernetes secret collection, local environment and wallet data exfiltration, malicious GitHub repository creation, persistence, and destructive behavior if stolen tokens are revoked.
Immediately remove or downgrade affected @redhat-cloud-services package versions, audit CI/CD workflows and dependency installs, rotate GitHub, npm, cloud, SSH, and wallet-related secrets, preserve logs, and rebuild exposed developer machines or runners from clean images.
As always, stay vigilant!
Live hunt: github.com/search?q=Miasma%3…
enterprise.misteye.io/threat…
11
25
6,695
May 29
🚨SlowMist TI Alert🚨
💸 Loss: 49.4801 WETH (~$98315.16)
🔍 Root Cause: An access control vulnerability exists in the `onlyOwner` modifier of the ONTR token contract. When `owner == address(0)`, any address can pass the check. Before the attack, the address's owner was always zero. The attacker exploited this vulnerability by calling `transferOwnership()` to set the attacker contract as the owner, then calling `desertJasper()` to add a hidden balance to the queue, and finally calling `glenFlash()` to execute `ashBud()`, directly increasing the address balance by `1e30` primitive units without adding `totalSupply`. The attacker then transferred the inflated tokens to a standard `PancakePair` and swapped them for real WETH using `swap()`.
📌 Attacker EOA: 0xe806b37a9f965bd9d54aadf9560c78957550b760
📌 Victim Pair: 0xd46d89f4675bc96328fbdeb443842cdb5fcd83fd
📌 Vulnerable Token Contract: 0xf074865358b0dd039beee075831f8a2ae6b1f3f3
Attack Impact: The attacker exploited an access control vulnerability in the token contract to inflate the balance, minting tokens for free and then stealing WETH from legitimate AMM liquidity pools.
Powered by #SlowMist.AI
2
9
36
9,234
May 29
🚨SlowMist TI Alert🚨
💸 Loss: 85,519.47 USDT
🔍 Root Cause: The `cliamRewred` function in `LegendaryMoneyMonNft` allows arbitrary reward claiming. The only authorization depends on `verify()` which checks `recoverSigner(...) == admin`. `recoverSigner` does not validate `ecrecover` returning `address(0)`, and `changeadmin()` allows setting admin to zero address. The attacker used an invalid signature (r=0, s=0, v=27) which returns `address(0)` from `ecrecover`, passing the check because `admin` was zero address at that moment.
📌 Attacker: 0xe1582248c593df4b367e131922438fec9d76e787
📌 Victim Contract: 0x92d60629ff5d53a0098b51e9b1d59546d1d8e5b6
📌 Vulnerable Contract: 0x92d60629ff5d53a0098b51e9b1d59546d1d8e5b6
The attacker exploited the zero-address signature bypass to drain all tokens from the contract and swapped them for USDT via PancakeSwap.
Powered by #SlowMist.AI
2
20
69
11,933
May 28
✍️We have released an in-depth technical analysis report on the #TrapDoor cross-ecosystem supply chain credential theft campaign.
TrapDoor was first disclosed by the @SocketSecurity on May 24. Subsequently, we conducted continuous threat hunting through our MistEye threat intelligence system and issued an early warning.
The campaign spans npm, PyPI, and Crates.io, involving 34 malicious packages and 384 versions targeting developers in crypto, #DeFi, #Solana, #Sui/Move, and #AI.
🔍In this report, we selected three representative samples for detailed analysis:
🔹PyPI: git-config-sync (disguised as a Git configuration synchronization tool)
🔹npm: token-usage-tracker (disguised as a token usage tracking tool)
🔹Crates.io: sui-framework-helpers (disguised as a Sui Move development helper library)
For each sample, we fully reconstructed the attack chain — from the entry-point trigger mechanisms (postinstall / init.py / build.rs), sensitive data collection scope, encryption and encoding methods, to the exfiltration channels and remote control infrastructure (ddjidd564.github.io, GitHub Gists, webhook.site).
Special thanks to @SocketSecurity for their outstanding initial research and disclosure of the TrapDoor campaign. Salute! 👏
📖 Full technical analysis :
medium.com/@slowmist/threat-…
May 25
🚨 SlowMist TI Alert 🚨
MistEye has detected a cross-registry supply chain attack targeting developers through malicious packages published to npm, PyPI, and Crates.io. The campaign includes 34 malicious packages and 384 related versions. Targeted communities include crypto, DeFi, Solana, Sui/Move, and AI developers.
Potential attacker actions include theft of crypto wallets, SSH keys, cloud credentials, GitHub/AWS tokens, browser data, environment variables, and developer secrets. Some payloads also attempt persistence through .cursorrules, CLAUDE.md, Git hooks, shell hooks, cron, systemd, and SSH.
Remove affected packages immediately. Isolate impacted systems, preserve logs, rotate exposed credentials, rebuild CI runners and developer machines from clean images, and review GitHub, cloud, SSH, and wallet activity.
As always, stay vigilant!
enterprise.misteye.io/threat…
3
8
24
10,839
May 28
🚨SlowMist TI Alert🚨
💸 Loss: 62.5 BNB & 1,195,918.92 JOE
🔍 Root Cause: Single-function reentrancy in `_removeLiquidityViaContract` – BNB sent via low-level `call` before updating `lpInfo[user].lpAmount`, allowing recursive calls.
📌 Attacker EOA: 0xaa761779945dcc5f26064fc6dcb36ffab6ac7610
📌 Attacker Contract: 0x31f81fcd91025728f24bd6f0e4efb156e345a4cf
📌 Vulnerable Proxy: 0xef0f12d08d66e76e1866e60f30a0daa578e00c04
📌 Vulnerable Implementation: 0xb12ce0a21f67a9fc3c8ad1c7dbc4b017b7e67319
Attackers exploited the delayed state write to repeatedly withdraw liquidity, netting 62.5 BNB and ~1.196M JOE via 25 reentrancy loops.
Powered by #SlowMist.AI
2
13
67
12,998
May 25
🚨SlowMist TI Alert🚨
💸 Loss: 8,080.16 USDT 11,702.08 USDC
🔍 Root Cause: `WUSD._deglove()` uses `GLOVE.creditlessOf(msg.sender)` as the unlock base without verifying the source or epoch of creditless GLOVE. In addition, WUSD’s epoch/vesting logic was driven by cumulative wrap volume, which could be flash-loan amplified and advanced 100 epochs inside one tx. This converted creditless GLOVE into transferable GLOVE atomically.
📌 Attacker: 0x88329a09428778f62bc0c8baac0997864e5a57f8
📌 Victim: Uniswap V3 liquidity pools (GLO/USDT: 0xa2bd1a142ff49131b8cc70a332bda0125018c324, GLO/USDC: 0xb89f65d6c7d33a35da7c01934e310a6f40e18a1f)
📌 Vulnerable Contract: WUSD (0x068e3563b1c19590f822c0e13445c4fa1b9eefa5)
Attacker exploited a credit accounting flaw in WUSD/GLOVE to mint and unlock transferable GLOVE, then drained USDT/USDC from Uniswap V3 pools.
Powered by #SlowMist.AI
etherscan.io/tx/0x2051c1f8d4…
2
4
24
4,749
May 25
🚨 SlowMist TI Alert 🚨
MistEye has detected a cross-registry supply chain attack targeting developers through malicious packages published to npm, PyPI, and Crates.io. The campaign includes 34 malicious packages and 384 related versions. Targeted communities include crypto, DeFi, Solana, Sui/Move, and AI developers.
Potential attacker actions include theft of crypto wallets, SSH keys, cloud credentials, GitHub/AWS tokens, browser data, environment variables, and developer secrets. Some payloads also attempt persistence through .cursorrules, CLAUDE.md, Git hooks, shell hooks, cron, systemd, and SSH.
Remove affected packages immediately. Isolate impacted systems, preserve logs, rotate exposed credentials, rebuild CI runners and developer machines from clean images, and review GitHub, cloud, SSH, and wallet activity.
As always, stay vigilant!
enterprise.misteye.io/threat…
8
13
37
19,855
May 25
🥳We are thrilled to announce our ecosystem partnership with @www_back_im!
SlowMist Zone brings together top industry security expertise. By partnering with @www_back_im, we aim to deliver more comprehensive crypto asset security solutions and build a safer blockchain ecosystem together. 💪
May 25
🎉 正式宣布!imBack 已成为 @SlowMist_Team 慢雾区生态合作伙伴!
慢雾(slowmist.com)是全球领先的区块链安全公司,提供“由AI驱动、从威胁发现到威胁防御一体化、因地制宜”的全链路安全解决方案。慢雾区(slowmist.io/)是由慢雾科技打造并运营的区块链生态安全社区,汇聚了顶尖安全研究人员与行业从业者。
imBack(back.im)专注加密货币钱包忘记密码、助记词缺失等问题的专业找回。两者互补,共同为用户提供从预防到资产恢复的安全闭环。
感谢慢雾安全团队的认可与支持!
#SlowMist #区块链安全 #CryptoRecovery #imBack
1
1
7
7,628
May 22
We combed through the full attack chain behind the Shai-Hulud / Mini Shai-Hulud supply chain attacks since May 2026.
From the collapse of TanStack’s CI/CD trust boundary, to the malicious Nx Console VS Code extension, and later the @antv, PyPI durabletask, and GitHub internal private repository breach incidents, the attackers completed coordinated lateral expansion across npm, PyPI, IDE extensions, and cloud environments within roughly a week.
⚠️This was not a series of isolated incidents, but a mature attack pipeline built around “trusted release channels → credential harvesting → lateral propagation.”
Read the full analysis and incident breakdown 🔎
slowmist.medium.com/black-ma…
3
11
25
5,051
May 21
We’ve released a detailed technical analysis of the supply chain poisoning activities related to Mini Shai-Hulud.
Within just 22 minutes, the attacker-controlled npm account “atool” published 637 malicious versions across 317 npm packages, including popular dependencies in the AntV ecosystem and echarts-for-react. At the same time, the attackers also poisoned Python packages such as durabletask while impersonating official Microsoft releases.
The malware primarily targets sensitive credentials from cloud environments including AWS, GCP, Azure, Kubernetes, and Vault, as well as npm and GitHub tokens. It also features supply chain self-propagation and persistence mechanisms targeting AI coding assistants such as Claude Code and Codex.
Full technical analysis👇
slowmist.medium.com/threat-i…
May 20
🚨 MistEye TI Alert 🚨
Based on recent intelligence, multiple high-frequency npm packages, including AntV and Echarts-for-react, as well as the durabletask Python SDK, have been compromised by Mini Shai-Hulud supply chain attacks. Notably:
1. May 19, 2026: The npm account atool (i@hust.cc) was compromised, allowing attackers to automatically publish 637 malicious versions across 317 packages within 22 minutes.
2. May 20, 2026 (Beijing Time): Within 35 minutes, attackers consecutively uploaded durabletask versions 1.4.1, 1.4.2, and 1.4.3 at 00:19, 00:49, and 00:54, bypassing normal release controls and impersonating official Microsoft releases.
Additionally, these two events—the large-scale GitHub token leaks (potentially exposing official repositories) and the Grafana Labs targeted ransom attack—are likely related to the Mini Shai-Hulud supply chain compromise:
• GitHub token leaks: Evidence suggests some leaked tokens may have been used to access and potentially sell official GitHub repositories. The leaks were caused by a compromised employee device, which involved a polluted VS Code extension.
• Grafana Labs attack (May 16, 2026): A cybercrime group gained unauthorized access to their GitHub repositories, downloaded the codebase, and issued a ransom demand under threat of data disclosure.
Affected Components / Targets:
• npm packages: AntV, Echarts-for-react, and other high-frequency components in the npm ecosystem.
• Python packages: durabletask 1.4.1, 1.4.2, 1.4.3.
• Developer credentials and secrets: GitHub PATs, npm Tokens, AWS Keys, Kubernetes Secrets, Vault Tokens, SSH keys, and over 90 types of local sensitive files.
• GitHub repositories: internal codebases potentially accessible via leaked tokens.
• Grafana Labs’ repositories (downloaded by attackers; ransom demanded).
Potential Attacker Actions:
• Immediate exfiltration of cloud and local credentials upon package installation or import.
• Unauthorized access to internal repositories and sensitive cloud infrastructure.
• Lateral movement across developer machines, CI/CD pipelines, and cloud workloads.
• Sale and exploitation of leaked GitHub tokens.
• Supply chain compromise affecting dependent projects and production systems.
• Ransom demands and potential data disclosure threats against organizations, including open source platforms.
Detection Methods:
• Audit npm and PyPI dependencies for affected packages:
• npm: npm ls <package> --all
• Python: pip list --outdated or pip show durabletask to confirm versions.
• Inspect lockfiles (package-lock.json, yarn.lock, pnpm-lock.yaml, requirements.txt, pipfile.lock) for malicious versions.
• Review CI/CD pipelines and deployment logs for installation of compromised packages.
• Monitor GitHub and cloud activity for unusual authentication events, including signs of leaked token usage.
Mitigation Measures:
• Immediately rotate all exposed GitHub, npm, PyPI, and cloud credentials.
• Replace affected npm/PyPI packages with verified safe versions or freeze dependency versions.
• Isolate potentially compromised systems and audit for credential theft or lateral movement.
• Apply security patches and review post-compromise artifacts in CI/CD pipelines.
Additional Recommendations:
• Enable real-time monitoring and alerting for suspicious token or key usage.
• Implement stricter dependency review policies and supply chain risk checks.
• Educate teams to verify package authenticity before installation.
• Monitor dark web or underground marketplaces for leaked credentials related to your organization.
SlowMist will continue to track and monitor developments related to this incident, including potential new malicious releases or related exploits.
MistEye has already pushed relevant threat intelligence to clients to help them proactively assess and mitigate risks.
enterprise.misteye.io/threat…
enterprise.misteye.io/threat…
4
13
39
20,084
May 20
🚨 MistEye TI Alert 🚨
Based on recent intelligence, multiple high-frequency npm packages, including AntV and Echarts-for-react, as well as the durabletask Python SDK, have been compromised by Mini Shai-Hulud supply chain attacks. Notably:
1. May 19, 2026: The npm account atool (i@hust.cc) was compromised, allowing attackers to automatically publish 637 malicious versions across 317 packages within 22 minutes.
2. May 20, 2026 (Beijing Time): Within 35 minutes, attackers consecutively uploaded durabletask versions 1.4.1, 1.4.2, and 1.4.3 at 00:19, 00:49, and 00:54, bypassing normal release controls and impersonating official Microsoft releases.
Additionally, these two events—the large-scale GitHub token leaks (potentially exposing official repositories) and the Grafana Labs targeted ransom attack—are likely related to the Mini Shai-Hulud supply chain compromise:
• GitHub token leaks: Evidence suggests some leaked tokens may have been used to access and potentially sell official GitHub repositories. The leaks were caused by a compromised employee device, which involved a polluted VS Code extension.
• Grafana Labs attack (May 16, 2026): A cybercrime group gained unauthorized access to their GitHub repositories, downloaded the codebase, and issued a ransom demand under threat of data disclosure.
Affected Components / Targets:
• npm packages: AntV, Echarts-for-react, and other high-frequency components in the npm ecosystem.
• Python packages: durabletask 1.4.1, 1.4.2, 1.4.3.
• Developer credentials and secrets: GitHub PATs, npm Tokens, AWS Keys, Kubernetes Secrets, Vault Tokens, SSH keys, and over 90 types of local sensitive files.
• GitHub repositories: internal codebases potentially accessible via leaked tokens.
• Grafana Labs’ repositories (downloaded by attackers; ransom demanded).
Potential Attacker Actions:
• Immediate exfiltration of cloud and local credentials upon package installation or import.
• Unauthorized access to internal repositories and sensitive cloud infrastructure.
• Lateral movement across developer machines, CI/CD pipelines, and cloud workloads.
• Sale and exploitation of leaked GitHub tokens.
• Supply chain compromise affecting dependent projects and production systems.
• Ransom demands and potential data disclosure threats against organizations, including open source platforms.
Detection Methods:
• Audit npm and PyPI dependencies for affected packages:
• npm: npm ls <package> --all
• Python: pip list --outdated or pip show durabletask to confirm versions.
• Inspect lockfiles (package-lock.json, yarn.lock, pnpm-lock.yaml, requirements.txt, pipfile.lock) for malicious versions.
• Review CI/CD pipelines and deployment logs for installation of compromised packages.
• Monitor GitHub and cloud activity for unusual authentication events, including signs of leaked token usage.
Mitigation Measures:
• Immediately rotate all exposed GitHub, npm, PyPI, and cloud credentials.
• Replace affected npm/PyPI packages with verified safe versions or freeze dependency versions.
• Isolate potentially compromised systems and audit for credential theft or lateral movement.
• Apply security patches and review post-compromise artifacts in CI/CD pipelines.
Additional Recommendations:
• Enable real-time monitoring and alerting for suspicious token or key usage.
• Implement stricter dependency review policies and supply chain risk checks.
• Educate teams to verify package authenticity before installation.
• Monitor dark web or underground marketplaces for leaked credentials related to your organization.
SlowMist will continue to track and monitor developments related to this incident, including potential new malicious releases or related exploits.
MistEye has already pushed relevant threat intelligence to clients to help them proactively assess and mitigate risks.
enterprise.misteye.io/threat…
enterprise.misteye.io/threat…
5
17
52
32,501
May 19
🚨 SlowMist TI Alert 🚨
The Shai-Hulud malware has resurfaced via the npm account atool(i@hust.cc), with over 600 malicious versions published. Notably, high-download packages such as size-sensor@1.1.4 (4.2M dl/mo), echarts-for-react@3.1.7 (3.8M dl/mo), and @antv/scale@0.6.2 (2.2M dl/mo) are at elevated risk.
The attack carries risks:
1. AI agent hijacking: Claude Code, Codex, and VS Code tasks can trigger a Bun bootstrapper that re-executes the malicious payload.
2. Credential harvesting: The malware collects credentials from cloud services, GitHub, npm, local environments, and CI/CD pipelines.
Using ^ to specify version ranges may cause npm to automatically install versions that have been compromised or contain security risks.
Detection & Mitigation Measures:
• Audit dependencies for any package published by atool (i@hust.cc) and check for suspicious preinstall scripts
• Remove compromised packages and rotate all exposed credentials
• Inspect CI/CD pipelines and local Node.js projects for malicious hooks or workflows
• Revert to safe package versions or known-good dependencies
⚠️ Critical Action:
Treat any system with affected packages as potentially compromised. Apply mitigation steps immediately.
enterprise.misteye.io/threat…
4
14
4,476