TeamPCP publicly released the source code for its “mini” Shai-Hulud supply chain worm on Tuesday, issuing a $1,000 challenge to whoever can pull off the “biggest supply chain attack.”

Mini Shai-Hulud was used in a recent major supply chain attack wave across npm and PyPI, spreading credential-stealing malware and self-propagating through compromised developer accounts. The campaign has impacted packages from TanStack, Mistral AI, OpenSearch and more.

OX Security was one of the first to discover the published source code, shared directly in GitHub repositories from at least two likely compromised accounts. The repos included a note calling the code “A Gift from TeamPCP” and stating, “Is it vibe coded? Yes. Does it work? Let results speak.”

OX Security Research Team Lead Moshe Siman Tov Bustan told SC Media that his team analyzed the heavily obfuscated malware used in the TanStack attack and compared what they recovered to the newly released code.

The released version appears to be the same one used in the recent attacks. Among other similarities, it includes logic for hijacking the configuration files of integrated development environments (IDEs) and AI coding agents for persistence, Bustan said.

“This also tells an interesting story. Nowadays, with AI, anyone can read and clone code. Even ‘unreadable’ obfuscated code can be turned into source code instantly, which can then be improved and modified. TeamPCP probably did it with the original Shai-Hulud: analyzed it, turned it into source code, then modified it,” Bustan stated.

The original Shai-Hulud attack saw two distinct waves, in September 2025 and November 2025, impacting tens of thousands of npm packages, including popular projects like tinycolor and even packages owned by the cybersecurity company CrowdStrike.

Bustan told SC Media that OX believes the original Shai-Hulud malware was not the work of TeamPCP, but that the new “mini” version takes inspiration from last year’s attacks.

For example, the original version used TruffleHog to scan for secrets, which is absent from the new version, and the original only exfiltrated stolen data to GitHub, while the new one uses a C2 server in addition to GitHub. TeamPCP’s version also encrypts the data it publishes to GitHub, meaning only their private key can be used to decrypt it, while the previous version only applied encoding to the published data, Bustan explained.

The repositories originally used to publicly release the mini Shai-Hulud source code have been removed by GitHub, although OX observed multiple forked versions being created and modified. A search on GitHub for the phrase “A Gift from TeamPCP” returned no results as of Friday afternoon, suggesting the platform has been fast to remove any new copies of the original repositories.

OX confirmed it has yet to see any attacks leveraging the open-sourced Shai-Hulud variant, although TeamPCP has reportedly teamed up with BreachForums to hold a “supply chain attack competition” coinciding with the code’s release.

Screenshots from BreachForums published on X by Dark Web Informer show the threat actors offering $1,000 in Monero (XMR) cryptocurrency to “whoever conducts the biggest supply chain attack.”

TeamPCP previously teamed up with a nascent ransomware-as-a-service (RaaS) group known as VECT in late April, with VECT reportedly extorting victims affected by TeamPCP’s previous supply chain attacks on Trivy and LiteLLM. VECT also offered all BreachForums members free affiliate access to its VECT 2.0 ransomware, although Check Point researchers described the ransomware as “amateur” and noted that it inadvertently destroys most data rather than properly encrypting it.
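The distinction Bustan draws matters for responders: when a stolen-data repo from the earlier variant is found, its contents can be decoded to learn exactly which secrets were taken, whereas public-key-encrypted output from the new variant cannot. The triage helper below is an added example written for this article, not code from OX Security or from either malware variant. It assumes, for illustration only, that the earlier variant's "encoding" is layered base64 around a JSON document; the two sample blobs are constructed here (fake hostnames and placeholder tokens, and deterministic pseudorandom bytes standing in for real ciphertext), not recovered artifacts.

```python
import base64
import binascii
import json
import math
import random


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: near 8.0 for ciphertext or random bytes, much lower for JSON/text."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def peel_base64(blob: bytes, max_layers: int = 4):
    """Strip up to max_layers of base64 and return (innermost payload, layers removed).

    validate=True makes any byte outside the base64 alphabet (for example the '{'
    that opens a JSON object, or a raw ciphertext byte) stop the loop.
    """
    cur, layers = blob, 0
    while layers < max_layers:
        try:
            dec = base64.b64decode(cur.strip(), validate=True)
        except (binascii.Error, ValueError):
            break
        if not dec:
            break
        cur, layers = dec, layers + 1
    return cur, layers


def classify_exfil_blob(blob: bytes) -> dict:
    """Triage a file pulled from a suspicious repo.

    'encoded'          -> the payload is recoverable; report the top-level keys found.
    'likely_encrypted' -> no structure after de-encoding and entropy is near 8 bits/byte.
    'unknown'          -> short or low-entropy data that is neither JSON nor ciphertext.
    """
    payload, layers = peel_base64(blob)
    try:
        doc = json.loads(payload.decode("utf-8"))
        keys = sorted(doc) if isinstance(doc, dict) else []
        return {"verdict": "encoded", "layers": layers, "keys": keys}
    except (UnicodeDecodeError, json.JSONDecodeError):
        pass
    ent = shannon_entropy(payload)
    verdict = "likely_encrypted" if ent > 7.5 and len(payload) >= 256 else "unknown"
    return {"verdict": verdict, "layers": layers, "entropy": round(ent, 2)}


# Constructed sample 1 (assumption: encoding-only variant): fake collected data as JSON
# wrapped in two base64 layers. Hostnames and tokens are placeholders, not real secrets.
_FAKE_LOOT = {
    "system": {"hostname": "dev-laptop", "user": "alice"},
    "environment": {"NPM_TOKEN": "npm_REDACTED_FAKE", "GITHUB_TOKEN": "ghp_REDACTED_FAKE"},
}
ENCODED_SAMPLE = base64.b64encode(base64.b64encode(json.dumps(_FAKE_LOOT).encode()))

# Constructed sample 2 (stand-in for public-key-encrypted output): deterministic
# pseudorandom bytes, base64-wrapped once. Real ciphertext looks the same statistically.
ENCRYPTED_SAMPLE = base64.b64encode(random.Random(2026).randbytes(4096))

if __name__ == "__main__":
    for name, blob in (("encoded", ENCODED_SAMPLE), ("encrypted", ENCRYPTED_SAMPLE)):
        print(name, classify_exfil_blob(blob))
```

The entropy threshold and the 256-byte minimum are heuristics chosen for this example: very short blobs do not carry enough bytes for the entropy estimate to separate compressed or encrypted data from text, so they fall through to "unknown" for manual review rather than being mislabelled.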
Critical Infrastructure Security, Supply chain, Application security, DevSecOps

TeamPCP releases ‘vibe coded’ Shai-Hulud source code, issues challenge