Operators of the Shai Hulud malware that compromised thousands of developer environments have been testing yet another variant of the worm dubbed "The Golden Path," which has been integrated into the npm package "@vietmoney/react-big-calendar," reports The Cyber Express.
Apart from exfiltrating data to GitHub repositories with the new "Goldox-T3chs: Only Happy Girl" description, Shai Hulud's The Golden Path variant has been imbued with cross-platform publishing features, as well as updated file nomenclature and enhanced TruffleHog error management to ensure more reliable "smash-and-grab" operations, according to Aikido researchers.
"The differences in the code suggest that this was obfuscated again from original source, not modified in place. This makes it highly unlikely to be a copy-cat, but was made by somebody who had access to the original source code for the worm," said researchers, who advised organizations to not only implement stringent lockfile integrity and Trusted Publishing but also leverage tools that prevent unvetted release installations.
Apart from exfiltrating data to GitHub repositories with the new "Goldox-T3chs: Only Happy Girl" description, Shai Hulud's The Golden Path variant has been imbued with cross-platform publishing features, as well as updated file nomenclature and enhanced TruffleHog error management to ensure more reliable "smash-and-grab" operations, according to Aikido researchers.
"The differences in the code suggest that this was obfuscated again from original source, not modified in place. This makes it highly unlikely to be a copy-cat, but was made by somebody who had access to the original source code for the worm," said researchers, who advised organizations to not only implement stringent lockfile integrity and Trusted Publishing but also leverage tools that prevent unvetted release installations.



