Shai-Hulud 3.0 test payload — @vietmoney/react-big-calendar@0.26.2 (Dec 2025)
TL;DR
A third generation of the Shai-Hulud worm ("Shai-Hulud 3.0" / Snyk's "Holiday Whisper") landed on npm on 2025-12-28 as a single low-profile package — @vietmoney/react-big-calendar@0.26.2 — with much heavier obfuscation and reliability improvements but the same install-time credential-theft + self-propagation goals as v1/v2. Aikido characterized it as attackers testing their payload — and indeed, ~4 months later the same TTPs returned at scale as the TeamPCP Mini Shai-Hulud wave. Low download count; remove the package, but treat this primarily as the test bench that produced the April–May 2026 worm cluster.
What happened
@vietmoney/react-big-calendar had sat dormant on npm since March 2021. On 2025-12-28, the publisher account pushed version 0.26.2 — its first update in nearly five years — carrying a modified Shai-Hulud variant. Per Aikido and Snyk, the changes versus the original Shai-Hulud / Second Coming were primarily:
- Heavier obfuscation of the install-time payload (string mangling, dynamic require, indirection layers) to evade static-scan engines that caught v1/v2.
- Reliability improvements on the credential-collection logic and the GitHub-repo creation step that exfiltrates harvested secrets to attacker-controlled public repos.
- Unchanged core: still relies on install-time execution (npm lifecycle hooks) to scrape env vars, cloud creds, CI/CD secrets, GitHub/npm tokens, and SSH keys, then leak to attacker-owned GitHub repos.
The package had low downloads / no major spread at the time of detection (Aikido: "we may have caught the attackers testing their payload"). The wider context: this Dec 2025 drop is now read as a TeamPCP-attributable rehearsal for the campaigns that followed — the SAP / Mini Shai-Hulud arm, PyTorch Lightning + intercom-client, the Bitwarden CLI "Third Coming", the TanStack / Mini Shai-Hulud wave, the May 19 @antv + Microsoft durabletask wave, and finally the source-leak copycats after TeamPCP open-sourced the worm on 2026-05-12.
Naming note: this variant is referred to as "Shai-Hulud 3.0" (Upwind, OX, Mondoo, Snyk) or "Holiday Whisper" (Snyk). The "3.0" label puts it in the worm-lineage:
- v1 = original 2025-09 worm (~200 packages including @ctrl/tinycolor)
- v2 = Second Coming 2025-11 (492 packages, 132M monthly downloads)
- v3 = this Dec 2025 test-payload drop, then evolved into Mini Shai-Hulud at scale through Q2 2026
Am I affected?
# Did the test package land in your tree?
npm ls @vietmoney/react-big-calendar --all 2>/dev/null
# Grep lockfiles directly (catches transitive)
grep -REn "@vietmoney/react-big-calendar" \
package-lock.json npm-shrinkwrap.json yarn.lock pnpm-lock.yaml 2>/dev/null
# The worm marker: was a public Shai-Hulud-style exfil repo created on your GitHub account?
gh api /user/repos --paginate \
--jq '.[] | select(.name | test("Sha[i1]-Hulud|shaihulud"; "i")) | .full_name' 2>/dev/null
If any hit, treat as full credential compromise: rotate everything reachable from the affected machine, delete the planted GitHub repo, and search GitHub for any other repos containing your secrets.
If you are affected
→ playbooks/if-you-installed-a-bad-npm-package.md → playbooks/if-your-github-pat-leaked.md → playbooks/if-your-npm-token-leaked.md → playbooks/rotating-cloud-credentials.md
Prevention
→ prevention/npm-hardening.md — disable install scripts, pin versions → prevention/credential-hygiene.md
Sources
- Upwind — Shai-Hulud 3.0: npm Supply Chain Worm Reappears With Enhanced Obfuscation — canonical "3.0" naming, obfuscation analysis.
- Snyk — The Holiday Whisper: Shai-Hulud 3.0 — alternate name, payload behavior changes.
- Aikido — Shai Hulud strikes again - The golden path — first-detection writeup, "testing the payload" framing, single-package scope.
- OX Security — Shai Hulud #3: New npm Malware Variant Found in the Wild — variant analysis, lineage.
- The Hacker News — Researchers Spot Modified Shai-Hulud Worm Testing Payload on npm Registry — Dec 2025 initial coverage.
- Mondoo — Shai-Hulud Strikes Back, with v3.0 — evolution + persistence framing.
- Cybernews — New Shai-Hulud 3.0 malware variant discovered — variant confirmation.
- Techzine — On the heels of 2.0, Shai-Hulud 3.0 emerges as a supply chain threat — lineage placement.
- Phoenix Security — Beat Sha1-Hulud 3.0 Before It Ships Your Secrets — defender guidance.
- CyCraft — The Return of Shai Hulud: Analyzing New Variants of npm Supply Chain Attacks — variant comparison v1/v2/v3.