TeamPCP / Mini Shai-Hulud npm Supply Chain Worm
Summary
TeamPCP is a threat actor group responsible for the 'Mini Shai-Hulud' self-propagating npm supply chain worm, first deployed on May 11, 2026. The campaign compromised over 600 npm packages across major ecosystems including TanStack, Mistral AI, UiPath, Red Hat, and Mastra AI, reaching two OpenAI employee devices and exfiltrating approximately 3,800 GitHub internal repositories. The malware specifically targets 166 cryptocurrency-related browser extensions and local wallet files, creating direct financial risk for crypto developers and end users.
Timeline (14 events)

2025-09-01
Shai-Hulud worm activity first observed; earliest attributable TeamPCP supply chain operations begin (approximate date).
Source: SecurityWeek

2026-04-22
Earlier npm supply chain worm attack reported, attributed to TeamPCP activity.
Source: The Register

2026-05-11
Mini Shai-Hulud worm deployed; 84 malicious versions published across 42 @tanstack packages. Within five hours, over 400 malicious versions across 172 packages published. Two OpenAI employee devices compromised.
Source: Orca Security / The Hacker News

2026-05-12
TeamPCP publishes Mini Shai-Hulud full source code on GitHub under MIT license alongside BreachForums posts encouraging independent campaigns. 169 npm and 2 PyPI packages disclosed.
Source: Orca Security

2026-05-18
GitHub employee installs trojanized Nx Console VS Code extension (2.2 million installs, verified publisher); extension live for approximately 11 minutes before removal. TeamPCP exfiltrates approximately 3,800 GitHub internal repositories.
Source: Phoenix Security

2026-05-19
Atool maintainer account compromise published; 323 packages compromised including AntV, jest-canvas-mock, echarts-for-react.
Source: Phoenix Security

2026-06-01
Miasma variant deployed against @redhat-cloud-services npm namespace. Compromised Red Hat employee GitHub account used to publish 96 malicious versions across 32 packages (116,991 combined weekly downloads). Two attack waves: 10:53 UTC and 13:44-13:46 UTC.
Source: Wiz / Aikido Security / The Register

2026-06-05
At least 57 npm packages and 300+ malicious versions identified under Miasma/Hades umbrella; 471 total malicious artifacts across ecosystems documented.
Source: SecurityWeek

2026-06-08
Hades PyPI variant second wave: at least 29 additional PyPI packages compromised, targeting bioinformatics, graph ML, and MCP-themed packages.
Source: SecurityWeek

2026-06-12
OpenAI deadline for users to update ChatGPT Desktop, Codex App, Codex CLI, and Atlas to versions signed with new certificates; old code-signing certificates revoked.
Source: OpenAI

2026-06-17
141 Mastra AI npm packages compromised in a 45-minute window by alleged North Korean APT Sapphire Sleet. Typosquat package easy-day-js injected into packages with ~8 million combined weekly downloads. Microsoft formally attributes attack to Sapphire Sleet (BlueNoroff).
Source: Microsoft Security Blog / SecurityWeek

Decision Log
- hash: tQsts2QsjZsTzzcgrdjQaQKD7twscgTS9PQrTpNbtyF
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet-4-6
generated: 6/24/2026, 12:34:59 PM
last updated: 6/24/2026, 12:35:10 PM