The Holiday Whisper: Shai-Hulud 3.0
December 29, 2025
The end-of-year holiday period is traditionally a time for code freezes and quiet rotations; it is also a favored window for opportunistic attackers. Threat actors know that with development teams out of the office and response times lagging, a window opens in which they can test new tooling and techniques with a lower risk of immediate detection.
Recently, a security researcher discovered a new, contained variant of Shai-Hulud, dubbed "The Golden Path" (v3.0). This version carries technical refinements designed to overcome current detection methods. It does not appear to be a widespread outbreak; it reads as a technical update, signaling continued investment by the threat actor.
Currently, the reports are limited to a single package, suggesting a possible testing phase rather than an active campaign. Here is what we know about this new iteration and why we are keeping a close eye on it.
Reports of the new variant
On December 29, 2025, a researcher identified malware embedded in the @vietmoney/react-big-calendar npm package (version 0.26.2). The researcher assesses this as a direct evolution of the Shai-Hulud lineage rather than a copycat: analysis suggests the code was re-obfuscated from the original source rather than modified in place. While it shares the same core DNA, the internal logic has been refined to be more resilient and more portable across platforms.
Earlier versions of Shai-Hulud focused on rapid propagation. This variant shifts the emphasis toward stealth and cross-platform stability. In effect it is a "patch" for the malware, specifically addressing earlier compatibility problems on Windows and under the Bun runtime.
Key technical details:
Targeted exfiltration: According to the code, data was intended to be exfiltrated to GitHub repositories labeled with the description: "Goldox-T3chs: Only Happy Girl".
Stealth improvements: The code features improved error handling designed to bypass security scanning tools.
Limited scope: Currently, only a single npm package has been confirmed to be compromised, suggesting probing for stability rather than an immediate mass infection.
Why now?
The timing of this emergence is likely deliberate. The attackers are leveraging two weaknesses that have nothing to do with code:
The "vacation" factor: With decision-makers on vacation and incident response teams operating at reduced capacity, attackers aim to deploy and refine their code with a much lower risk of real-time detection.
The security transition: The npm ecosystem is moving toward "trusted publishing" as the standard. Attackers commonly exploit the last window before stricter controls take effect, maximizing their reach while the older, laxer controls are still in place. npm did ship some changes this month, including a move to session-based authentication and tighter CLI token management, but the transition is not yet complete.
Vigilance over panic
While the discovery of any new variant warrants attention, it is crucial to lead with vigilance rather than panic. There is currently no evidence of a broad infection campaign; what we are seeing are the early movements of a likely sophisticated actor preparing for future operations.
Our strategy is one of active, informed decision-making. It is highly likely that the threat actor is monitoring these very reports and may pivot their behavior, potentially altering their deployment schedule or modifying file signatures to evade current detection. Because the adversary is reactive, our best defense is not alarm, but a steady, proactive posture that assumes indicators of compromise (IoCs) will shift.
Recommended actions
Rather than relying on scanning for specific filenames that may change tomorrow, we recommend that teams verify their structural guardrails to neutralize the threat's primary infection vectors. This "safe-by-default" approach provides a layer of protection that persists even if the actor updates their technical signatures.
Disable lifecycle scripts: The primary execution vector for this strain is the postinstall and preinstall hooks. Hardening your environment by setting ignore-scripts=true in your .npmrc file, or running installs with the --ignore-scripts flag, prevents arbitrary code from running during installation.
Enforce lockfile-only installs: In CI/CD pipelines, always use npm ci instead of npm install. This ensures that the environment only uses the exact versions pinned in your lockfile and prevents "latest" resolution from accidentally pulling in a compromised update.
Implement a cooldown period: If your package manager supports it (such as pnpm with minimumReleaseAge), consider delaying the adoption of new package versions by 24-48 hours. Most malicious npm packages are identified and removed within hours of being published.
Audit outbound egress: Since this variant relies on exfiltrating data to external GitHub repositories, restricting build-server network access to only known, trusted domains can disrupt the exfiltration chain.
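The following is an added example, not code from the original post or from Snyk, showing how the first three guardrails above can be checked programmatically: it parses an .npmrc body for ignore-scripts, walks a package-lock.json (lockfileVersion 2/3 layout, where packages that declare install hooks carry hasInstallScript: true) to list install-script packages and the one confirmed compromised version, and applies a minimumReleaseAge-style cooldown rule (expressed in minutes, as pnpm does). The .npmrc text, the lockfile object and the package names other than @vietmoney/react-big-calendar@0.26.2 are constructed inputs for the demonstration.

```javascript
// Added example (not from the original post or from Snyk): structural
// guardrail checks for an npm project, run offline on inputs constructed
// inline below. Assumes the lockfileVersion 2/3 layout, where "packages" is
// keyed by node_modules path and install hooks are flagged by hasInstallScript.

// The single confirmed indicator named in the report (package -> versions).
const KNOWN_COMPROMISED = {
  '@vietmoney/react-big-calendar': new Set(['0.26.2']),
};

// Parse an .npmrc body (key=value lines, '#' or ';' comments) and report
// whether lifecycle scripts are disabled for the project.
function npmrcIgnoresScripts(npmrcText) {
  for (const raw of npmrcText.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#') || line.startsWith(';')) continue;
    const eq = line.indexOf('=');
    if (eq < 0) continue;
    const key = line.slice(0, eq).trim();
    const value = line.slice(eq + 1).trim();
    if (key === 'ignore-scripts') return value === 'true';
  }
  return false; // npm's default: install scripts run
}

// Walk the lockfile and return every package that is either a known
// compromised version or declares install-time hooks (the execution vector).
function auditLockfile(lock) {
  if (!lock.packages) {
    throw new Error('lockfileVersion 2 or 3 required; regenerate the lockfile first');
  }
  const findings = [];
  const marker = 'node_modules/';
  for (const [path, entry] of Object.entries(lock.packages)) {
    if (path === '') continue; // the root project entry
    const name = path.slice(path.lastIndexOf(marker) + marker.length);
    const bad = KNOWN_COMPROMISED[name];
    if (bad && bad.has(entry.version)) {
      findings.push({ name, version: entry.version, reason: 'known-compromised' });
    }
    if (entry.hasInstallScript) {
      findings.push({ name, version: entry.version, reason: 'install-script' });
    }
  }
  return findings;
}

// Cooldown rule: a version published less than minimumReleaseAgeMinutes
// before "now" is not yet eligible for adoption.
function releaseOldEnough(publishedAt, now, minimumReleaseAgeMinutes) {
  const ageMinutes = (Date.parse(now) - Date.parse(publishedAt)) / 60000;
  return ageMinutes >= minimumReleaseAgeMinutes;
}

// Constructed sample inputs (not real project files).
const SAMPLE_NPMRC = `# project .npmrc
ignore-scripts=true
audit=false
`;

const SAMPLE_LOCK = {
  name: 'example-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', version: '1.0.0' },
    'node_modules/react': { version: '18.3.1' },
    'node_modules/@vietmoney/react-big-calendar': { version: '0.26.2' },
    'node_modules/some-native-addon': { version: '2.1.0', hasInstallScript: true },
  },
};

function runChecks() {
  return {
    scriptsDisabled: npmrcIgnoresScripts(SAMPLE_NPMRC),
    findings: auditLockfile(SAMPLE_LOCK),
    // A version published six hours ago does not satisfy a 48-hour cooldown.
    cooldownSatisfied: releaseOldEnough('2025-12-29T00:00:00Z', '2025-12-29T06:00:00Z', 48 * 60),
  };
}

console.log(JSON.stringify(runChecks(), null, 2));
```

The install-script listing is the part worth keeping in a CI job: with ignore-scripts=true in place, every package that still needs a build step has to be allowed explicitly, which turns a silent postinstall into a reviewable change.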
If this testing phase indicates a shift towards a broader campaign or if the actor updates their techniques to evade current detection, we will provide an immediate update. For now, structural hardening and steady observation remain our most effective tools.