A massive cyberattack called "mini Shai-Hulud" infected hundreds of popular open-source software packages, including TanStack's React Router with over 12 million weekly downloads. The malware, created by cybercriminal group TeamPCP, steals credentials from cloud services like AWS and Google Cloud by hijacking automated publishing systems.
The attack bypassed two-factor authentication and carried valid digital signatures, making it nearly undetectable. The malware embeds itself in developer tools like Visual Studio Code and disguises stolen data as anonymous messaging traffic sent through the Session app.
Security experts urge anyone who downloaded affected packages on Monday to immediately change all cloud, server, and developer credentials. The incident exposes critical vulnerabilities in how the software industry consumes open-source code.
Source: CyberScoop