""The sample retains Shai-Hulud hallmarks and adds GitHub API exfiltration with DNS fallback, hook-based persistence, SSH propagation fallback, MCP server injection with embedded prompt injection targeting AI coding assistants, and LLM API Key harvesting," the company said. The packages, published to npm by two npm publisher aliases, official334 and javaorg, are listed below - Also identified are four sleeper packages that do not incorporate any malicious features -"
"The packages go beyond npm-based propagation by including a weaponized GitHub Action that harvests CI/CD secrets and exfiltrates them via HTTPS with DNS fallback. They also feature a destructive routine that acts as a kill switch by triggering home directory wiping should it lose access to GitHub and npm. The wiper functionality is currently off by default. Another significant component of the malware is an "McpInject" module that specifically targets AI coding assistants by deploying a malicious"
An active SANDWORM_MODE supply-chain worm leverages at least 19 malicious npm packages to harvest credentials and cryptocurrency keys. The packages siphon system information, access tokens, environment secrets, and API keys from developer environments and propagate automatically by abusing stolen npm and GitHub identities. The malware includes a weaponized GitHub Action that harvests CI/CD secrets and exfiltrates them via HTTPS with DNS fallback. A destructive kill switch can wipe home directories if access to GitHub and npm is lost, though the wiper is currently disabled by default. An McpInject module targets AI coding assistants and LLM API keys.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]