A threat actor tracked as Mini Shai-Hulud has compromised the npm maintainer account "atool" and used it to distribute malicious packages across the @antv ecosystem, including echarts-for-react. The React wrapper for Apache ECharts receives approximately 1.1 million weekly downloads, making this supply chain attack particularly dangerous.
Researchers identified poisoned versions of multiple npm packages built around the @antv library, a popular data visualization framework. The compromise allowed attackers to inject malicious code into packages that developers actively download and integrate into production applications. echarts-for-react alone puts over a million weekly installations at risk of executing attacker-controlled code.
Mini Shai-Hulud represents an ongoing campaign targeting open source maintainers through credential theft or account takeover techniques. By compromising legitimate developer accounts with trusted standing in the npm ecosystem, threat actors bypass many standard security checks. Package managers rely heavily on maintainer reputation, making takeovers of established accounts particularly effective for distributing malware to unsuspecting downstream users.
The attack chain typically involves injecting obfuscated or hidden malicious payloads into package source code during build processes. Developers updating dependencies or installing packages for the first time unknowingly pull the compromised versions. The payload executes with the privileges of the application using the library, potentially enabling data theft, credential harvesting, lateral movement, or system compromise depending on the injected code's purpose.
Organizations using echarts-for-react or other affected @antv packages should immediately audit their dependency versions and roll back to pre-compromise releases. npm has likely yanked the malicious versions, but verifying local installations against clean hashes remains essential. Developers should also rotate credentials for accounts with npm access and enable two-factor authentication on all package registry accounts.
This incident reinforces how supply chain attacks target the path of least
