Security

Where it’s been well and truly forked, seemingly without Microsoft’s code locker noticing

Notorious malware crew TeamPCP appears to have open-sourced its Shai-Hulud worm.

Security outfit Ox on Tuesday spotted a pair of repos on GitHub, both of which contain the following text:

Shai-Hulud: Open Sourcing The Carnage
Is it vibe coded? Yes. Does it work? Let results speak.
Change keys and C2 as needed. Love - TeamPCP

The Register checked out the repos a few hours before publishing this story and at the time one listed a single fork, and the other mentioned 31. At the time of writing, those numbers have grown to five and 39.

That growth accords with Ox’s assertion that “independent threat actors have already begun modifying it and expanding its reach.”

Ox’s analysts looked at the source code in the repos and believe it displays “the same patterns from previous Shai-Hulud attacks are immediately recognizable, as expected. This includes uploading stolen credentials to a new GitHub repository.”

“TeamPCP isn’t just spreading malware anymore – they’re spreading capability. By going open source, they’ve handed any willing actor the tools to build their own variant. The copycats are already here,” Ox opined.

TeamPCP may also be using different handles to spread the malware, a theory Ox advanced after spotting another GitHub user named “agwagwagwa” that it says has already forked the malware and submitted a pull request adding FreeBSD support.”

“TeamPCP’s theme is cats, and agwagwagwa’s GitHub account has a ‘meow!’ repository inside,” Ox noted, before doing a quick Q&A: “Does this mean they are part of the group? We can’t know for sure, but it is very, very suspicious.”

The Shai-Hulud worm attacks npm packages, and if it can infect them looks for credentials for users of AWS, GCP, Azure, and GitHub credentials. If it gains access, it creates and publishes poisoned code to perpetuate itself. If the malware can’t achieve its objectives, it sometimes tries to wipe the local environment in an act of self-destructive vengeance.

Researchers found the malware in September 2025, and a more powerful variant appeared in November of the same year .

Imitators have since created copycat malware, and the original has rampaged its way across the internet.

Malware authors sometimes sell their wares so that other miscreants can adapt it to their own needs. However, it is unusual for cyber-crims to give away their work.

TeamPCP chose the MIT License, which allows just about any re-use of code.

At the time of writing, the Shai-Hulud repos have been online for at least 12 hours and Microsoft’s GitHub appears not to have intervened. ®