Twitter/X

Mini Shai-Hulud installs and launches a background monitor on infected machines…

Brief

Mini Shai-Hulud is a malicious npm campaign that installs a persistent background monitor and, per @daniel_mac8, will wipe the user’s home directory if the user revokes their GitHub token. Aikido Security reported at 5:05 PT that the attack spans 373 malicious package-version entries across 169 npm packages (e.g., @uipath, @squawk, @tallyui, @beproduct) and that the malware steals CI credentials to publish compromised releases; IOCs and detection guidance are on Aikido’s blog.

Why it matters

Mini Shai-Hulud installs and launches a background monitor on infected machines and, according to @daniel_mac8, will wipe the user's home directory if the user tries to revoke their GitHub token.

Key details

  • Aikido Security (update 5:05 PT) reports the campaign expanded beyond @TanStack and @Mistral to 373 malicious package-version entries across 169 npm package names, including @uipath, @squawk, @tallyui, and @beproduct; the malware steals CI credentials to publish compromised versions.
  • Aikido published full IOCs, the affected package list, and detection steps at aikido.dev/blog/mini-shai-hu… (reported 2026-05-12 23:41:06+00:00).

Source evidence

Mini Shai-Hulud is bad. It's real bad.

Installs and launches a background monitor on your machine. If you try to revoke your GH token, it wipes your home directory.

Anyway, it was nice being able to download and install things from the internet while it lasted.

Aikido Security (@AikidoSecurity)

Update 5:05 PT: The attack has now expanded well beyond @TanStack and @Mistral.

373 malicious package-version entries across 169 npm package names, including @uipath, @squawk, @tallyui, @beproduct, and more.

The malware propagates by stealing your CI credentials and using them to publish new compromised versions.

Full IOCs, affected package list, and detection steps: aikido.dev/blog/mini-shai-hu…

— https://nitter.net/AikidoSecurity/status/2053990513280475405#m