Shai-Hulud supply-chain malware payload distributed through compromised npm packages in the Leo/RStreams ecosystem. The payload steals developer credentials the moment a package is installed, harvesting GitHub tokens and CLI credentials, npm and PyPI publishing credentials, AWS access keys and cloud provider tokens, SSH keys, JFrog/Artifactory authentication tokens, and CI/CD pipeline secrets. To evade detection, the malicious code is hidden in binding.gyp files rather than standard npm install scripts; when npm processes the package without an explicit install script, node-gyp automatically executes shell commands embedded in that file, bypassing basic security scanners. Stolen data is encrypted and exfiltrated using a GitHub dead-drop technique, creating repositories under hijacked tokens to commit credential files. The payload establishes persistence via systemd services (Linux) and LaunchAgents (macOS), modifies AI tool configurations (Cursor, Copilot, Gemini), and uses stolen SSH keys for lateral movement into connected systems and GitHub Actions workflows.