Zapier

A sophisticated supply chain attack compromised Zapier’s NPM account, infecting 425 packages with the Shai Hulud malware, a self-propagating worm targeting the Bun runtime environment. The attack weaponized widely used libraries (e.g., `@zapier/mcp-integration`), which collectively receive ~132 million monthly downloads, exposing thousands of downstream applications and organizations.

The malware harvested credentials and exfiltrated them to GitHub repositories (26,300+ exposed repos), enabling lateral movement, unauthorized cloud access, and further compromises. While some payloads failed to deploy fully (the `bun_environment.js` component was missing), the staging code (`setup_bun.js`) established persistence, leaving systems exposed to remote updates.

The incident forced organizations to audit dependencies, rotate credentials, and monitor for IOCs, highlighting critical gaps in supply chain security and dependency integrity within the npm ecosystem. The scale of the credential leaks and the potential for downstream breaches amplify the long-term operational and reputational risks.

Source: https://cyberpress.org/zapiers-npm-account-compromised/

Zapier cybersecurity rating report: https://www.rankiteo.com/company/zapier

"id": "ZAP0911609112525",
"linkid": "zapier",
"type": "Cyber Attack",
"date": "11/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'automation/integration',
                        'name': 'Zapier',
                        'type': 'technology company'},
                       {'industry': 'analytics',
                        'name': 'PostHog',
                        'type': 'technology company'},
                       {'industry': 'API tooling',
                        'name': 'AsyncAPI',
                        'type': 'open-source initiative'},
                       {'industry': 'API development',
                        'name': 'Postman',
                        'type': 'technology company'},
                       {'industry': 'web3/domain services',
                        'name': 'ENS Domains',
                        'type': 'blockchain project'}],
 'attack_vector': ['compromised NPM account',
                   'malicious package updates (setup_bun.js)',
                   'self-propagating worm (bun_environment.js)',
                   'GitHub exfiltration'],
 'customer_advisories': ['Immediately remove affected packages',
                         'Rotate all secrets potentially exposed via npm '
                         'installations',
                         'Report suspicious runtime behavior (e.g., Bun '
                         'environment downloads)'],
 'data_breach': {'data_exfiltration': 'yes (to GitHub repositories)',
                 'file_types_exposed': ['JavaScript (setup_bun.js)',
                                        'runtime scripts (bun_environment.js)'],
                 'number_of_records_exposed': '26,300 (GitHub repositories)',
                 'sensitivity_of_data': 'high (authentication secrets, API '
                                        'keys, tokens)',
                 'type_of_data_compromised': ['credentials',
                                              'secrets',
                                              'environment variables']},
 'description': 'A supply chain attack compromised Zapier’s NPM account, '
                'infecting 425 packages with the Shai Hulud malware. The '
                'malware operates as a self-propagating worm, targeting '
                'Windows, Linux, and macOS systems by manipulating environment '
                'variables and detecting Bun runtime installations. It '
                'harvests credentials and publishes them to GitHub '
                'repositories with randomized names and the description '
                "'Sha1-Hulud: The Second Coming.' Approximately 26,300 "
                'repositories were exposed, containing leaked credentials. The '
                'attack affects high-profile organizations like Zapier, '
                'PostHog, AsyncAPI, Postman, and ENS Domains, with impacted '
                'packages receiving ~132 million monthly downloads.',
 'impact': {'brand_reputation_impact': ['high (due to widespread package '
                                        'usage)',
                                        'trust erosion in NPM ecosystem'],
            'data_compromised': ['credentials', 'secrets'],
            'identity_theft_risk': 'high (26,300 exposed repositories with '
                                   'leaked credentials)',
            'operational_impact': ['compromised development pipelines',
                                   'production environment risks',
                                   'lateral movement potential'],
            'systems_affected': ['Windows', 'Linux', 'macOS']},
 'initial_access_broker': {'backdoors_established': ['setup_bun.js staging '
                                                     'code',
                                                     'persistence via '
                                                     'environment variables'],
                           'entry_point': 'compromised Zapier NPM account',
                           'high_value_targets': ['development pipelines',
                                                  'production environments',
                                                  'cloud infrastructure '
                                                  'credentials']},
 'investigation_status': 'ongoing (analysis of incomplete payload deployment '
                         'and exfiltrated data)',
 'lessons_learned': ['Supply chain attacks via package managers (NPM) pose '
                     'severe risks to downstream users.',
                     'Dependency trust models require stricter validation '
                     '(e.g., package signing, provenance checks).',
                     'Multi-platform malware (Windows/Linux/macOS) increases '
                     'attack surface.',
                     'Credential harvesting via GitHub exfiltration highlights '
                     'gaps in secret management.',
                     'Incomplete payload deployment (missing '
                     'bun_environment.js) can still enable future remote '
                     'exploitation.'],
 'motivation': ['credential theft',
                'lateral movement',
                'unauthorized cloud access',
                'supply chain disruption'],
 'post_incident_analysis': {'corrective_actions': ['Mandate multi-factor '
                                                   'authentication for package '
                                                   'publishers.',
                                                   'Deploy automated malware '
                                                   'scanning for npm packages '
                                                   '(e.g., static/dynamic '
                                                   'analysis).',
                                                   'Isolate build environments '
                                                   'to limit lateral movement.',
                                                   'Implement real-time '
                                                   'monitoring for credential '
                                                   'exfiltration (e.g., GitHub '
                                                   'API abuse).'],
                            'root_causes': ['Insufficient NPM account security '
                                            '(e.g., MFA, access controls).',
                                            'Lack of package signing/enforced '
                                            'provenance.',
                                            'Over-reliance on open-source '
                                            'dependency trust model.',
                                            'Delayed detection of staging code '
                                            '(setup_bun.js) in published '
                                            'packages.']},
 'ransomware': {'data_exfiltration': 'yes (credential harvesting)'},
 'recommendations': ['Implement package integrity checks (e.g., npm audit, '
                     'sigstore).',
                     'Monitor for indicators of compromise (setup_bun.js, Bun '
                     'runtime anomalies).',
                     'Enforce least-privilege access for CI/CD and development '
                     'environments.',
                     'Rotate credentials post-incident and enforce '
                     'hardware-based secrets (e.g., HSMs).',
                     'Adopt runtime protection (e.g., sandboxing, behavioral '
                     'analysis for npm scripts).',
                     'Conduct third-party dependency risk assessments.'],
 'response': {'containment_measures': ['audit dependencies',
                                       'detect staging code (setup_bun.js)',
                                       'monitor for bun_environment.js'],
              'enhanced_monitoring': ['monitor for GitHub repo creation with '
                                      "'Sha1-Hulud' description",
                                      'track unexpected runtime downloads'],
              'recovery_measures': ['restore from clean backups',
                                    'rebuild development environments'],
              'remediation_measures': ['rotate compromised credentials',
                                       'remove affected packages',
                                       'patch Bun runtime vulnerabilities']},
 'stakeholder_advisories': ['Audit dependencies for @zapier/mcp-integration, '
                            '@posthog/nextjs, @asyncapi/cli, '
                            '@postman/secret-scanner-wasm',
                            "Monitor for GitHub repos with 'Sha1-Hulud: The "
                            "Second Coming'"],
 'title': 'Supply Chain Attack on Zapier’s NPM Account with Shai Hulud Malware',
 'type': ['supply chain attack', 'malware infection', 'credential harvesting'],
 'vulnerability_exploited': ['NPM package integrity weakness',
                             'dependency trust model',
                             'Bun runtime environment detection']}