Mini Shai-Hulud npm Worm Compromises 323 Packages in Under 30 Minutes

According to Socket.dev, a compromise of the atool npm account pushed malicious updates to widely used packages including echarts-for-react and Alibaba’s @antv libraries, exposing crypto, DeFi, and fintech development environments to credential theft.

Summary

A Mini Shai-Hulud software supply chain worm compromised the npm account "atool" on May 19 and, in less than 30 minutes, published 639 malicious versions across 323 packages. The affected packages included widely used libraries such as echarts-for-react, size-sensor, @antv/scale, timeago.js, and other Alibaba @antv components used in crypto dashboards, DeFi (blockchain-based finance) front ends, and fintech applications.

According to Socket.dev, the obfuscated malware could harvest more than 20 types of credentials, encrypt the stolen data with AES-256-GCM, and exfiltrate it either to a command-and-control server or, using stolen GitHub tokens, to public repositories the attacker creates with those tokens. StepSecurity said more than 2,500 GitHub repositories already show related indicators. The worm also used OpenTelemetry traces, created a systemd user service on Linux for persistence, and modified .vscode and .claude configuration files so the payload reactivates inside development environments. SlowMist CSO 23pds urged developers to investigate their exposure; the incident was described as the third wave of the broader Shai-Hulud campaign.
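
The report gives a responder two concrete things to look for: the names of affected packages and the persistence locations (a systemd user service, .vscode and .claude files). The triage script below is an added example written for this article, not code from Socket.dev, StepSecurity or any of the affected projects. It lists which of the package names named above appear in a project's package-lock.json, with their installed versions, and lists files at the described persistence spots. The compromised version numbers, the service unit name and the modified file contents are not given on this page, so nothing is hard-coded as an indicator; the output is meant to be compared against the vendor advisory by hand. The sample lockfile and directory tree it runs on when called without arguments are constructed for the demo.

```python
"""Triage helper for the Mini Shai-Hulud npm incident (added example, not vendor code).

Surfaces two things the report describes so they can be checked against the advisory:
  1. which of the package names the report lists are present in a package-lock.json,
     with the installed version(s); and
  2. the persistence spots the report names: systemd *user* units on Linux and
     files under .vscode / .claude directories in a project tree.
Assumption: no malicious versions, unit names or file contents are known here.
"""
import json
import os
import sys
import tempfile
from pathlib import Path

# Package names taken from the report. Their malicious versions are NOT known here.
REPORTED_PACKAGES = {"echarts-for-react", "size-sensor", "@antv/scale", "timeago.js"}
REPORTED_SCOPE = "@antv/"   # the report says other Alibaba @antv components were hit too


def lock_packages(lock: dict) -> dict:
    """Map package name -> set of versions for every entry in a package-lock.json.

    Handles lockfileVersion 2/3 ("packages" keyed by node_modules path, which also
    covers nested installs like node_modules/a/node_modules/b) and lockfileVersion 1
    ("dependencies", nested recursively). Both may be present; the set dedupes.
    """
    found: dict = {}
    for path, meta in lock.get("packages", {}).items():
        if path == "":                                  # "" is the root project itself
            continue
        name = path.split("node_modules/")[-1]          # keeps the @scope/name form
        found.setdefault(name, set()).add(meta.get("version", "?"))

    def walk(deps: dict) -> None:
        for name, meta in deps.items():
            found.setdefault(name, set()).add(meta.get("version", "?"))
            walk(meta.get("dependencies", {}))

    walk(lock.get("dependencies", {}))
    return found


def flag_reported(lock: dict) -> dict:
    """Packages named in the report that are present in the lockfile -> sorted versions."""
    return {
        name: sorted(versions)
        for name, versions in lock_packages(lock).items()
        if name in REPORTED_PACKAGES or name.startswith(REPORTED_SCOPE)
    }


def persistence_candidates(root: Path, home: Path) -> list:
    """Paths at the persistence locations the report describes, for manual review."""
    hits = []
    unit_dir = home / ".config" / "systemd" / "user"    # per-user units, not /etc/systemd
    if unit_dir.is_dir():
        hits += sorted(str(p) for p in unit_dir.iterdir() if p.is_file())
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != "node_modules"]  # skip dependency trees
        if os.path.basename(dirpath) in (".vscode", ".claude"):
            hits += sorted(os.path.join(dirpath, f) for f in filenames)
    return hits


# Constructed sample lockfile; versions are placeholders, not the compromised ones.
SAMPLE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "crypto-dashboard", "version": "0.0.1"},
        "node_modules/echarts-for-react": {"version": "0.0.0-sample"},
        "node_modules/@antv/scale": {"version": "0.0.0-sample"},
        "node_modules/@antv/sample-component": {"version": "0.0.0-sample"},
        "node_modules/lodash": {"version": "0.0.0-sample"},
        "node_modules/echarts/node_modules/size-sensor": {"version": "0.0.0-sample"},
    },
}


def make_demo_tree() -> tuple:
    """Build a throwaway directory tree (constructed for the demo); returns (root, home)."""
    base = Path(tempfile.mkdtemp(prefix="mini-shai-hulud-triage-"))
    home, root = base / "home", base / "src" / "crypto-dashboard"
    unit_dir = home / ".config" / "systemd" / "user"
    unit_dir.mkdir(parents=True)
    (unit_dir / "demo.service").write_text("[Service]\nExecStart=/bin/true\n")
    for sub, fname in ((".vscode", "tasks.json"), (".claude", "settings.json")):
        (root / sub).mkdir(parents=True, exist_ok=True)
        (root / sub / fname).write_text("{}\n")
    nested = root / "node_modules" / "dep" / ".vscode"  # must be pruned by the walk
    nested.mkdir(parents=True)
    (nested / "tasks.json").write_text("{}\n")
    return root, home


if __name__ == "__main__":
    if len(sys.argv) > 1:   # real use: python triage.py package-lock.json [project-root]
        lock = json.loads(Path(sys.argv[1]).read_text())
        root = Path(sys.argv[2]) if len(sys.argv) > 2 else Path.cwd()
        home = Path.home()
    else:                   # no arguments: run against the constructed sample data
        lock = SAMPLE_LOCK
        root, home = make_demo_tree()
    for name, versions in flag_reported(lock).items():
        print(f"REVIEW  {name} {', '.join(versions)}  (compare with advisory versions)")
    for path in persistence_candidates(root, home):
        print(f"INSPECT {path}")
```

A match on a package name is not proof of compromise; a pinned lockfile may hold a clean version, and a range in package.json may have pulled a malicious one into a CI cache that the lockfile never saw. Treat the REVIEW lines as the list to check against the published version list, and the INSPECT lines as files to diff against version control, since the report says the worm writes into exactly those locations.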

Terms & Concepts
  • Software supply chain attack: A cyberattack that compromises trusted software packages, dependencies, or distribution channels so malicious code spreads to downstream users during normal installation or updates.
  • Obfuscated malicious code: Harmful code deliberately hidden or disguised to make analysis and detection more difficult.
  • npm: A JavaScript package registry and dependency manager widely used to distribute software libraries across web and application development.