Dozens of Red Hat packages backdoored through its official NPM channel

The worm, dubbed Shai-Hulud, has all the hallmarks of malware released last month as freely available open source. TeamPCP was the first group to use Shai-Hulud, and it promoted a competition that promised a $1,000 payment to the hacker who carried out the biggest supply-chain attack using the malware. TeamPCP has also been behind a rash of previous supply-chain attacks . Now that the worm is in the hands of many other threat groups, supply-chain attacks may ramp up further. …