Intercom PHP SDK hit by Mini Shai-Hulud
The Mini Shai-Hulud campaign expanded into the PHP ecosystem by compromising the official intercom/intercom-php package on Packagist. Attackers compromised a maintainer account to overwrite existing legitimate versions.
Story
On April 30, 2026, the Mini Shai-Hulud campaign crossed out of npm and into the PHP ecosystem by way of intercom/intercom-php, the official Intercom SDK on Packagist. Researchers at Semgrep, who reported the compromise, said attackers overwrote an existing legitimate version of the package rather than publishing a suspicious new outlier, so downstream developers running composer update had no obvious signal that anything had changed.
The trick was a small edit to composer.json that converted the package into a Composer plugin. Composer plugins are not ordinary libraries: Composer instantiates them during dependency resolution and installation, before any application code calls require on the package. The install step became the execution step.
From there the plugin downloaded the Bun JavaScript runtime and ran an obfuscated payload aligned with the same Mini Shai-Hulud stealer that had hit intercom-client on npm the same day, exfiltrating to zero.masscan.cloud. The collector pulled GitHub tokens, SSH keys, cloud credentials, environment variables, and other developer secrets.
The two Intercom incidents are tracked separately because the artifact, package manager, and execution mechanism differ, but they share an actor and a toolchain. The PHP side is the more instructive of the pair: it shows that a campaign built around npm install scripts can move into Packagist without a meaningful change in technique, simply by riding Composer's plugin contract.
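A defender-side check for the pattern described above, as an added example that is not code from Semgrep, Intercom or the source record: it diffs two parsed composer.lock snapshots for a package whose version string is unchanged but whose reference moved, or whose type became composer-plugin. The function names, the simplified model of Composer's `config.allow-plugins` setting (Composer 2.2 and later), and the sample version and references are assumptions constructed for illustration.

```python
import json
import re

def _pkgs(lock):
    """Index a parsed composer.lock by package name (runtime and dev sections)."""
    return {p["name"]: p for key in ("packages", "packages-dev") for p in lock.get(key, [])}

def _ref(pkg):
    """Commit reference the lock file pins for this package (dist first, then source)."""
    return (pkg.get("dist") or {}).get("reference") or (pkg.get("source") or {}).get("reference")

def plugin_allowed(name, allow_plugins):
    """Simplified model of config.allow-plugins: a bool, or {pattern: bool} with '*' wildcards."""
    if isinstance(allow_plugins, bool):
        return allow_plugins
    for pattern, allow in (allow_plugins or {}).items():
        if re.fullmatch(re.escape(pattern).replace(r"\*", ".*"), name, re.IGNORECASE):
            return allow is True  # first matching rule decides
    return False

def audit(old_lock, new_lock, root_composer):
    """Flag packages whose pinned version was re-pointed or that turned into a plugin."""
    allow = root_composer.get("config", {}).get("allow-plugins", {})
    old, findings = _pkgs(old_lock), []
    for name, pkg in _pkgs(new_lock).items():
        prev, reasons = old.get(name), []
        is_plugin = pkg.get("type") == "composer-plugin"
        if prev and prev.get("version") == pkg.get("version") and _ref(prev) != _ref(pkg):
            reasons.append("same version, different reference")
        if is_plugin and (not prev or prev.get("type") != "composer-plugin"):
            reasons.append("became composer-plugin")
        if reasons:
            findings.append({"package": name, "reasons": reasons,
                             "runs_on_install": is_plugin and plugin_allowed(name, allow)})
    return findings

# Constructed sample data: the version and references are placeholders, not real values.
OLD = {"packages": [{"name": "intercom/intercom-php", "version": "X.Y.Z",
                     "type": "library", "dist": {"reference": "ref-before"}}]}
NEW = {"packages": [{"name": "intercom/intercom-php", "version": "X.Y.Z",
                     "type": "composer-plugin", "dist": {"reference": "ref-after"}}]}
ROOT = {"config": {"allow-plugins": {"intercom/*": True}}}

if __name__ == "__main__":
    print(json.dumps(audit(OLD, NEW, ROOT), indent=2))
```

Run against the lock file from the last known-good commit and the one produced by the update, a finding with `runs_on_install` set to true means the changed package would be loaded by Composer during the install itself.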
Affected Artifacts
- Observed: 2026-04-30
- Compromised Versions:
- Fixed: Not listed
- Evidence: mirror: github.com/intercom/intercom-php, family: Mini Shai-Hulud, file: composer.json, domain: zero.masscan.cloud
Incident Context
- Motive: Credential Theft
- Attribution: Group
- Cause: Compromised Account Credentials
- Transitive: No
- Actor: Third Party
External References
Source record: oss/attacks/intercom-php/meta.yaml