The government has issued a new warning regarding the 'Shai Hulud' virus. CERT-In (the Ministry of Home Affairs' nodal cybersecurity agency) has alerted the country's startups and IT companies to the threat. This malware poses a significant risk of cyberattack by specifically targeting the JavaScript Node Package Manager (npm) ecosystem. If successful, it could leak the personal data of users across various apps, websites, and digital services. Startups and IT firms have been urged to take immediate steps to prevent this malware attack.
Understanding the Shai Hulud threat
The name Shai Hulud is borrowed from the science fiction novel series by Frank Herbert. This malware campaign attacks the JavaScript npm ecosystem, which is the world’s largest ecosystem used by developers to build open-source software. If an organisation's npm ecosystem is compromised, it could severely and adversely impact its apps, websites, and digital services.
Cybercriminals use the Shai Hulud malware to infiltrate JavaScript packages, allowing the malicious code to spread automatically throughout development projects. According to CERT-In, cybercriminals can launch these campaigns via phishing emails that spoof npm. These phishing attempts are designed to steal developers' email credentials and passwords.
Once injected into a system, this malware can compromise the data of users across affected apps, websites, and digital services. CERT-In reports that more than 500 npm packages have already been targeted by this virus. There is a high risk that the virus could soon spread to networks through these affected packages.
CERT-In's immediate recommendations
CERT-In has strongly advised all startups and IT firms to take immediate action:
- Software Review: Immediately review all software systems.
- Credential Rotation: Developers should rotate their credentials (passwords).
- MFA Implementation: Implement phishing-resistant Multi-Factor Authentication (MFA).
- App Deletion: Delete GitHub applications immediately.
- Firewall Monitoring: Closely monitor firewalls to block any suspicious activity.
- Immediate Remediation: If any issues or anomalies are detected, they must be fixed immediately.
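As an added example (not part of CERT-In's advisory or this article), one way to begin the "software review" step for an npm project: parse the project's package-lock.json (lockfileVersion 2 or 3) and flag dependencies that match a known-bad name@version list, plus any dependency that runs install hooks, since those hooks are the usual path for a compromised package to execute during `npm install`. The indicator list and the sample lockfile are constructed placeholders; the advisory names no packages.

```python
import json
import sys
from typing import Dict, List

# CONSTRUCTED placeholder: replace with name@version pairs from a trusted advisory.
COMPROMISED_PACKAGE_VERSIONS = {
    ("example-compromised-pkg", "1.2.3"),
}


def package_name_from_path(path: str) -> str:
    """Map a lockfile path like 'node_modules/a/node_modules/@s/b' to '@s/b'."""
    return path.rsplit("node_modules/", 1)[-1]


def review_lockfile(lock: dict) -> Dict[str, List[str]]:
    """Review a parsed package-lock.json (lockfileVersion 2 or 3).

    Returns two lists of name@version strings:
      compromised      - dependencies on the known-bad list
      install_scripts  - dependencies that declare install hooks
                         (npm records this as "hasInstallScript": true)
    """
    findings: Dict[str, List[str]] = {"compromised": [], "install_scripts": []}
    for path, meta in lock.get("packages", {}).items():
        if not path:  # the empty key is the root project itself
            continue
        name = package_name_from_path(path)
        version = meta.get("version", "")
        if (name, version) in COMPROMISED_PACKAGE_VERSIONS:
            findings["compromised"].append(f"{name}@{version}")
        if meta.get("hasInstallScript"):
            findings["install_scripts"].append(f"{name}@{version}")
    return findings


# Constructed sample lockfile standing in for a real project's package-lock.json.
SAMPLE_LOCK = {
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "0.1.0"},
        "node_modules/plain-lib": {"version": "4.0.0"},
        "node_modules/example-compromised-pkg": {"version": "1.2.3", "hasInstallScript": True},
        "node_modules/some-lib/node_modules/@scope/native-build": {"version": "2.0.1", "hasInstallScript": True},
    },
}

if __name__ == "__main__":
    # Usage: python review_lockfile.py [path/to/package-lock.json]
    lock = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_LOCK
    print(json.dumps(review_lockfile(lock), indent=2))
```

Packages in the install_scripts list are not necessarily malicious (native modules legitimately build on install), but each one deserves a look at what its hook runs before the next install.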