The campaign has been codenamed SANDWORM_MODE by supply chain security company Socket. As with prior Shai-Hulud attack waves, the malicious code embedded into the packages comes with capabilities to siphon system information, access tokens, environment secrets, and API keys from developer environments and automatically propagate by abusing stolen npm and GitHub identities to extend its reach.
“The sample retains Shai-Hulud hallmarks and adds GitHub API exfiltration with DNS fallback, hook-based persistence, SSH propagation fallback, MCP server injection with embedded prompt injection targeting AI coding assistants, and LLM API Key harvesting,” the company said.
The packages, published to npm by two npm publisher aliases, official334 and javaorg, are listed below: