A sophisticated supply chain campaign dubbed "Mini Shai-Hulud" has been attributed to the threat actor TeamPCP, resulting in the compromise of critical developer packages across npm and PyPI ecosystems. High-profile victims include TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI.
Unlike traditional dependency confusion attacks, this campaign involves the modification of legitimate packages to include an obfuscated JavaScript artifact—specifically router_init.js. This payload is designed to profile execution environments, a precursor to data exfiltration or further propagation. Security teams must immediately audit their build pipelines and runtime environments to identify and contain this threat before the profiling phase escalates to credential theft or ransomware deployment.
Technical Analysis
Affected Products & Platforms:
- Platforms: Node.js (npm), Python (PyPI)
- Affected Vendors/Packages: TanStack, UiPath, Mistral AI, OpenSearch, Guardrails AI.
The Attack Chain:
- Initial Compromise: TeamPCP gains access to maintainer accounts or repository tokens for popular packages.
- Malicious Injection: The actor publishes updated versions containing a new file: `router_init.js`. This file is heavily obfuscated to evade static analysis.
- Execution & Profiling: When developers install the compromised package or run the application, `router_init.js` executes. Its primary function is environmental profiling: fingerprinting the OS, network configuration, and running processes.
- Call Back: The gathered intelligence is likely transmitted to a C2 server, though the profiling itself modifies the runtime behavior of the host application.
Vulnerability Status:
- Type: Supply Chain Compromise / Malicious Package Injection.
- Status: Active exploitation confirmed.
- CVEs: While specific CVEs are pending assignment, the IOCs (Indicators of Compromise) are well-defined by the presence of the `router_init.js` file in unexpected locations.
Detection & Response
The primary indicator of compromise (IOC) for the Mini Shai-Hulud campaign is the presence of the suspicious `router_init.js` file within `node_modules` or Python package directories. Defenders should hunt for this specific artifact and monitor for Node.js processes spawning with this file as an argument. Note that the Sigma rules that follow are scoped to Windows telemetry (`logsource.product: windows`); Linux and macOS build hosts, which the bash remediation script targets, need equivalent rules against their own file and process event sources.
**Sigma Detection Rules**

```yaml
title: Potential Mini Shai-Hulud Compromise - router_init.js File Creation
id: 8a2b3c4d-5e6f-4a7b-8c9d-0e1f2a3b4c5d
status: experimental
description: Detects the creation of the known malicious router_init.js file associated with the Mini Shai-Hulud campaign in npm or PyPI directories.
references:
  - https://thehackernews.com/2026/05/mini-shai-hulud-worm-compromises.html
author: Security Arsenal
date: 2026/05/12
tags:
  - attack.initial_access
  - attack.t1195.002
logsource:
  category: file_event
  product: windows
detection:
  selection:
    TargetFilename|contains:
      - 'node_modules'
      - 'site-packages'
    TargetFilename|endswith: 'router_init.js'
  condition: selection
falsepositives:
  - Legitimate use of a file named router_init.js (rare, verify source)
level: high
```

```yaml
title: Potential Mini Shai-Hulud Compromise - Suspicious Node Execution
id: 1b2c3d4e-5f6a-4b5c-9d0e-1f2a3b4c5d6e
status: experimental
description: Detects Node.js processes executing the obfuscated router_init.js payload.
references:
  - https://thehackernews.com/2026/05/mini-shai-hulud-worm-compromises.html
author: Security Arsenal
date: 2026/05/12
tags:
  - attack.execution
  - attack.t1059.007
logsource:
  category: process_creation
  product: windows
detection:
  selection:
    Image|endswith:
      - '\node.exe'
      - '\nodejs.exe'
    CommandLine|contains: 'router_init.js'
  condition: selection
falsepositives:
  - Unknown
level: critical
```
**Microsoft Sentinel / Defender KQL Hunt**
This query identifies file creation events or process execution linked to the malicious artifact.
```kusto
// Hunt for Mini Shai-Hulud router_init.js indicators
// File-creation hits from package directories, unioned with Node.js
// process launches that pass the artifact on the command line.
DeviceFileEvents
| where FileName == "router_init.js"
| where FolderPath contains "node_modules" or FolderPath contains "site-packages"
| project Timestamp, DeviceName, InitiatingProcessAccountName, InitiatingProcessCommandLine, FolderPath, FileName, SHA256
| union (
    DeviceProcessEvents
    | where ProcessCommandLine contains "router_init.js"
        and FileName in~ ("node.exe", "nodejs.exe")
    | project Timestamp, DeviceName, AccountName, ProcessCommandLine, FolderPath, FileName, SHA256
)
```
**Velociraptor VQL Hunt**
Use this artifact to scan endpoints for the presence of the router_init.js file in package directories.
```sql
-- Hunt for Mini Shai-Hulud router_init.js artifact
-- VQL has no UNION operator, so a single recursive glob is filtered
-- down to hits inside node_modules or site-packages directories.
SELECT FullPath, Size, Mtime, Mode
FROM glob(globs='/**/router_init.js')
WHERE FullPath =~ '(node_modules|site-packages)'
```
**Remediation Script (Bash)**
This script scans for and removes the identified malicious file from Linux/macOS environments.
```bash
#!/bin/bash
# Mini Shai-Hulud Remediation Script
# Scans package directories for router_init.js and moves every hit into a
# quarantine folder (preserving its original path) so nothing is lost.
set -u
LOG_FILE="./mini_shai_hulud_removal.log"
BACKUP_DIR="${PWD%/}/quarantine_$(date +%Y%m%d_%H%M%S)"
mkdir -p "$BACKUP_DIR"
echo "Starting scan for router_init.js..." | tee -a "$LOG_FILE"

# Only match the artifact under node_modules or site-packages, skip the
# quarantine folder itself, and use NUL delimiters so odd filenames survive.
find / -path "$BACKUP_DIR" -prune -o \
    -type f -name "router_init.js" \
    \( -path "*/node_modules/*" -o -path "*/site-packages/*" \) -print0 2>/dev/null |
while IFS= read -r -d '' file; do
    echo "[MALICIOUS] Found: $file" | tee -a "$LOG_FILE"
    # Recreate the parent directory inside the quarantine so hits from
    # different projects do not overwrite each other.
    dest="$BACKUP_DIR$(dirname "$file")"
    mkdir -p "$dest"
    mv -f "$file" "$dest/"
    echo "[REMOVED] Quarantined to $dest/$(basename "$file")" | tee -a "$LOG_FILE"
done

echo "Scan complete. Check $LOG_FILE for details."
echo "Quarantined files available in $BACKUP_DIR"
```
Remediation
Immediate Action Items:
- Identify Affected Versions: Audit your `package-lock.json`, `yarn.lock`, and `Pipfile.lock` files. Refer to the official advisories from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI for the specific version ranges involved in the breach.
- Package Purge: If a compromised version is found, force-remove the package using `npm uninstall` or `pip uninstall`, delete the `node_modules` folder entirely, and reinstall dependencies from scratch (clean install) to ensure no residual artifacts remain.
- Pipeline Hardening: Rotate all npm, PyPI, and GitHub tokens used in CI/CD pipelines. Implement a "Hold" or "Manual Review" gate for dependency updates to prevent automatic ingestion of malicious packages.
- Software Bill of Materials (SBOM): Generate and compare SBOMs against known bad hashes if available.
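As an added example (not code from the advisory or from any of the vendors named), this Python script performs the lockfile audit in the first step: it extracts (name, version) pairs from `package-lock.json` (lockfile v1, v2 or v3) and `Pipfile.lock` and compares them against a compromised-version table. The package names and versions in `COMPROMISED` and in the two sample lockfiles are constructed placeholders to be replaced with the ranges from the vendor advisories; `yarn.lock` is not JSON and is not parsed here.

```python
# Placeholder compromised (name -> versions) table. The real version ranges
# come from the vendor advisories named above; these values are constructed.
COMPROMISED = {
    "@tanstack/example-pkg": {"0.0.0-compromised"},
    "example-guardrails": {"0.0.0-compromised"},
}

def npm_lock_packages(lock):
    """Yield (name, version) from a parsed package-lock.json (v1, v2 or v3)."""
    for path, meta in lock.get("packages", {}).items():  # v2/v3 path-keyed map
        if path:  # "" is the root project entry, not a dependency
            # node_modules/a/node_modules/@scope/b -> @scope/b
            yield path.rsplit("node_modules/", 1)[-1], meta.get("version", "")
    for name, meta in lock.get("dependencies", {}).items():  # v1/v2 flat map
        yield name, meta.get("version", "")

def pipfile_lock_packages(lock):
    """Yield (name, version) from a parsed Pipfile.lock; pins look like '==1.2.3'."""
    for section in ("default", "develop"):
        for name, meta in lock.get(section, {}).items():
            yield name.lower(), meta.get("version", "").lstrip("=")

def find_compromised(pairs):
    """Return sorted, de-duplicated (name, version) hits against COMPROMISED."""
    return sorted({(n, v) for n, v in pairs if v in COMPROMISED.get(n, ())})

# Constructed sample lockfiles (not from any real project) for a dry run;
# against a real checkout use json.load() on the files instead.
SAMPLE_PACKAGE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app"},
        "node_modules/@tanstack/example-pkg": {"version": "0.0.0-compromised"},
        "node_modules/left-pad": {"version": "1.3.0"},
    },
}
SAMPLE_PIPFILE_LOCK = {
    "default": {
        "example-guardrails": {"version": "==0.0.0-compromised"},
        "requests": {"version": "==2.32.3"},
    },
    "develop": {},
}

if __name__ == "__main__":
    print(find_compromised(npm_lock_packages(SAMPLE_PACKAGE_LOCK)))
    print(find_compromised(pipfile_lock_packages(SAMPLE_PIPFILE_LOCK)))
```

Any hit returned by `find_compromised` is a package to purge and reinstall under the second step.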
Vendor Advisory References:
- TanStack Advisory (Check official blog for status)
- Mistral AI Security Update
- Guardrails AI Incident Report