Open Source · 2026-04-30 · 0 days · Credential Theft, Self Propagation

Intercom Node SDK hit by Mini Shai-Hulud

The Mini Shai-Hulud/TeamPCP campaign compromised the official intercom-client package on npm.

Story

On April 30, 2026, the official Node.js SDK for the customer messaging platform Intercom was published to npm carrying a credential stealer that researchers at StepSecurity tied to the Mini Shai-Hulud campaign then sweeping through CI/CD pipelines.

intercom-client is the package most Node.js applications use to talk to Intercom's API; it pulls roughly 360,000 weekly downloads. Version 7.0.4 went out through a hijacked GitHub Actions OIDC publishing path, which StepSecurity called direct evidence that Mini Shai-Hulud was now spreading on CI/CD tokens lifted from earlier victims rather than on stolen npm credentials alone. The clean 7.0.3 release shipped with SLSA provenance attached; 7.0.4 did not.

The package itself kept working. Underneath, it added a preinstall hook, a new setup.mjs loader, and an 11.7 MB single-line payload at router_runtime.js. The loader fetched Bun 1.3.13 from GitHub and used the runtime to execute the obfuscated JavaScript. The stealer reached beyond GitHub and npm tokens into AWS instance metadata at 169.254.169.254, GCP metadata at metadata.google.internal, Azure connection strings, PEM-encoded private keys, environment variables, and a set of generic API-key regexes.

Exfiltration was the wrinkle. Instead of POSTing to a third-party endpoint, the payload authenticated against api.github.com, created a private repository under the victim's own GitHub account, and committed the encrypted loot there. For a CI runner that already allowed outbound traffic to GitHub, the exfiltration looked indistinguishable from ordinary developer activity, and network-egress filtering offered little defense.
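A pre-install audit keyed to the traits described above (an install-time lifecycle hook, a multi-megabyte single-line script, a registry record with no provenance attestation), as an added example that is not part of this record or of the intercom-client project; the sample manifests, file contents, size threshold and attestation URL are constructed.

```python
"""Audit one npm package version before installing it.

Constructed example: flags an install-time lifecycle hook, a large
single-line script, and a registry version record without an attestation
(npm exposes a published provenance attestation under dist.attestations,
so a release that shipped with SLSA provenance carries it).
"""

INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")
# Constructed threshold: bundled/obfuscated payloads are large and nearly line-free.
BIG_SINGLE_LINE_BYTES = 1_000_000
SCRIPT_SUFFIXES = (".js", ".mjs", ".cjs")


def audit_package(manifest: dict, files: dict[str, bytes], version_meta: dict) -> list[str]:
    """Return findings; an empty list means nothing suspicious was seen.

    manifest:     parsed package.json from the tarball
    files:        tarball contents as {relative path: bytes}
    version_meta: this version's entry from the registry packument
    """
    findings = []
    scripts = manifest.get("scripts", {})
    for hook in INSTALL_HOOKS:
        if hook in scripts:
            findings.append(f"lifecycle script {hook!r} runs at install time: {scripts[hook]}")
    for path, data in files.items():
        if path.endswith(SCRIPT_SUFFIXES) and len(data) >= BIG_SINGLE_LINE_BYTES \
                and data.count(b"\n") <= 1:
            findings.append(f"{path}: {len(data)} bytes on a single line")
    if not version_meta.get("dist", {}).get("attestations"):
        findings.append("no provenance attestation on the registry record")
    return findings


# Constructed sample shaped like the compromised release: a preinstall hook
# that runs a loader, a small loader, and a large single-line payload.
SUSPECT_MANIFEST = {"name": "example-sdk", "version": "7.0.4",
                    "scripts": {"preinstall": "node setup.mjs"}}
SUSPECT_FILES = {"setup.mjs": b"import './router_runtime.js';\n",
                 "router_runtime.js": b"var _0x=[];" * 200_000}
SUSPECT_META = {"dist": {"integrity": "sha512-constructed"}}

# Constructed clean sample: no install hooks, ordinary files, attestation present.
CLEAN_MANIFEST = {"name": "example-sdk", "version": "7.0.3", "scripts": {"test": "jest"}}
CLEAN_FILES = {"index.js": b"module.exports = {};\n" * 100}
CLEAN_META = {"dist": {"integrity": "sha512-constructed",
                       "attestations": {"url": "https://registry.example/attestation"}}}

if __name__ == "__main__":
    for label, args in (("7.0.4", (SUSPECT_MANIFEST, SUSPECT_FILES, SUSPECT_META)),
                        ("7.0.3", (CLEAN_MANIFEST, CLEAN_FILES, CLEAN_META))):
        print(label, audit_package(*args) or ["clean"])
```

Running installs with `npm install --ignore-scripts` blocks the preinstall hook outright; the audit above is for deciding whether a version should be allowed into a lockfile at all.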

Affected Artifacts

intercom-client

npm · repository · Source Archive
Observed
2026-04-30
Compromised Versions
Fixed
7.0.3
Hashes
  • sha256:5f748fbc89cde66abefa826439c765a0081a027792e9da8d80fbf23571311622
  • sha1:1a1b1d0d89fadf7664c42ec628bac7d39a71bd50
  • sha256:fe64699649591948d6f960705caac86fe99600bf76e3eae29b4517705a58f0e2
  • +1 more
Evidence
distribution: npmjs.com/package/intercom-client/v/7.0.4, observable: npm integrity sha512:LcCAJzWI5Jkx75prg8T88aonPsExIrffcugdCDWhNv0HhmOlkA8xYqMuNHqjkgF8o9yxrs09tDub/6MWncK1Lg==, file: setup.mjs, file: router_runtime.js, +14 more

Incident Context

Motive
Credential Theft
Attribution
Group
Cause
CI/CD Exploit
Transitive
Yes
Actor
Advanced Persistent Threat
User Impact
361510

External References

Source record: oss/attacks/intercom-client/meta.yaml