Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub

TeamPCP has publicly released the Shai-Hulud worm on GitHub under an MIT license, and repositories have already been forked and modified; the worm targets npm packages, seeks AWS/GCP/Azure/GitHub credentials, and propagates by publishing poisoned code (with some variants wiping infected environments). Researchers observed the malware previously (September 2025, with a stronger variant in November) and note that open-sourcing has enabled rapid copycat development while GitHub had not yet intervened.