Shai-Hulud copycat worm infects yet another npm package
ID: b5664f74-62e1-59e1-968b-59a6d53ddae9
STIX ID: report--b5664f74-62e1-59e1-968b-59a6d53ddae9
Feed Name: The Register (Security)
A Shai-Hulud copycat and three additional credential-stealing npm packages were discovered masquerading as legitimate modules (chalk-tempalte, @deadcode09284814/axios-util, axois-utils, color-style-utils). The malware harvests SSH keys, environment variables, cloud credentials, crypto wallets, IP/geolocation data and, in one package, deploys a Go-based DDoS botnet; stolen data is exfiltrated to listed C2 domains and an IP. Researchers advise immediate uninstallation, key rotation, removal of malicious configurations, and searching repositories for related artifacts.
