

Ethical Hacking News

A Global Supply Chain Worm Campaign: SANDWORM_MODE and the Rise of Malicious npm Packages


A global supply chain worm campaign has been identified, leveraging malicious npm packages to harvest credentials and cryptocurrency keys. The SANDWORM_MODE campaign shares similarities with prior Shai-Hulud attack waves and poses a significant threat to individuals and organizations worldwide.

  • The SANDWORM_MODE campaign is a global supply chain worm that uses at least 19 malicious npm packages to steal credentials and cryptocurrency keys.
  • The malware shares similarities with the Shai-Hulud attack waves, allowing it to propagate by abusing stolen npm and GitHub identities.
  • Four out of 25 identified packages are clean and do not contain malicious features.
  • The malware includes a weaponized GitHub Action that harvests CI/CD secrets and exfiltrates them via HTTPS with DNS fallback.
  • The payload contains a destructive routine that acts as a kill switch, which is currently disabled by default.
  • The SANDWORM_MODE campaign targets AI coding assistants, injecting a malicious model context protocol (MCP) server into their tool configurations.
  • The malware includes a polymorphic engine configured to call a local Ollama instance with the DeepSeek Coder model, which is currently inactive in detected packages.



    The cybersecurity landscape has been shaken by the recent revelation of a global supply chain worm campaign, codenamed SANDWORM_MODE. This malicious operation leverages at least 19 malicious npm packages to enable credential harvesting and cryptocurrency key theft, making it a significant threat to individuals and organizations worldwide.

    According to Socket, a supply chain security company, the SANDWORM_MODE campaign shares similarities with prior Shai-Hulud attack waves. The malicious code embedded in these packages retains many of the hallmarks of the Shai-Hulud worm, including capabilities for siphoning system information, accessing tokens, environment secrets, and API keys from developer environments. Furthermore, the malware is designed to propagate by abusing stolen npm and GitHub identities, thereby extending its reach.

    The malicious packages were published on npm by two publisher aliases, official334 and javaorg. They include names such as claud-code@0.2.1, crypto-locale@1.0.0, detect-cache@1.0.0, format-defaults@1.0.0, and veim@2.46.2.

    However, not all the identified packages contain malicious features. Four sleeper packages, ethres, iru-caches, iruchache, and uudi, do not incorporate any malicious code and are thus considered clean.

    A closer examination of the malware reveals several notable components. First is a weaponized GitHub Action that harvests CI/CD secrets and exfiltrates them over HTTPS, falling back to DNS when that channel is unavailable.

    Furthermore, the payload contains a destructive routine that acts as a kill switch: it wipes the home directory should the malware lose access to GitHub and npm. This wiper functionality is currently disabled by default.

    One of the most concerning aspects of the SANDWORM_MODE campaign is its targeting of AI coding assistants. A dedicated module deploys a malicious model context protocol (MCP) server and injects it into the assistants' tool configurations. The MCP server masquerades as a legitimate tool provider, but in reality it registers several seemingly harmless tools that embed a prompt injection instructing the assistant to read the contents of various files, including system credentials.

    The payload also contains a polymorphic engine configured to call a local Ollama instance with the DeepSeek Coder model to rename variables, rewrite control flow, insert junk code, and encode strings. While this feature is currently inactive in the detected packages, its inclusion suggests that operators are planning to release future iterations of the malware.

    In light of this global supply chain worm campaign, developers should exercise extreme caution when installing and managing npm packages. The attack is a stark reminder that security measures must be kept up to date and that dependency trees need constant scrutiny.
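One concrete check that follows from that advice is to compare a project's lockfile against the package names the article quotes. The script below is an added example, not code from the article, from Socket, or from the campaign's packages; it assumes a lockfileVersion 2 or 3 package-lock.json and uses only the names and versions given above, reporting a name hit at a different version separately since the article quotes one version per package.

```javascript
// Added example, not code from the article or from Socket: check an npm
// package-lock.json (lockfileVersion 2 or 3) for the package names and
// versions the article attributes to SANDWORM_MODE. Only values quoted in
// the article appear below; null means the article gives no version.
const IOC_PACKAGES = {
  "claud-code": "0.2.1", "crypto-locale": "1.0.0", "detect-cache": "1.0.0",
  "format-defaults": "1.0.0", "veim": "2.46.2",
  "ethres": null, "iru-caches": null, "iruchache": null, "uudi": null,
};

// Bare package name from a lockfile "packages" key, e.g.
// "node_modules/left-pad/node_modules/@scope/bar" -> "@scope/bar".
function packageNameFromPath(path) {
  const idx = path.lastIndexOf("node_modules/");
  return idx === -1 ? null : path.slice(idx + "node_modules/".length);
}

// "match" for a listed name at the listed (or no listed) version; "name-only"
// when the name is listed at another version, which still deserves review.
function classify(name, version) {
  if (!name || !Object.hasOwn(IOC_PACKAGES, name)) return null;
  const flagged = IOC_PACKAGES[name];
  return flagged === null || flagged === version ? "match" : "name-only";
}

// Walk the flat "packages" map (direct and nested installs alike) and return
// one finding per dependency whose name appears in the IoC table.
function findIocPackages(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = packageNameFromPath(path);
    const severity = classify(name, meta.version);
    if (severity) findings.push({ name, version: meta.version, path, severity });
  }
  return findings;
}

function scanLockfileText(text) { return findIocPackages(JSON.parse(text)); }

// Constructed lockfile fragment (not a real project) to exercise the scanner.
const SAMPLE_LOCK = JSON.stringify({ lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/express": { version: "4.19.2" },
  "node_modules/format-defaults": { version: "1.0.0" },
  "node_modules/left-pad/node_modules/veim": { version: "2.40.0" },
} });

for (const f of scanLockfileText(SAMPLE_LOCK))
  console.log(`${f.severity}: ${f.name}@${f.version} (${f.path})`);
```

To run it against a real project, pass the file contents of package-lock.json to scanLockfileText instead of SAMPLE_LOCK; the "name-only" findings are worth a manual look even though the article quotes only one version per package.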

    The SANDWORM_MODE campaign highlights the ever-evolving nature of cyber threats, underscoring the need for comprehensive cybersecurity solutions that can adapt to emerging risks. As such, organizations must prioritize robust security protocols, including regular software updates, secure coding practices, and strict control over third-party access.

    In conclusion, the discovery of the SANDWORM_MODE campaign serves as a wake-up call for the global community, emphasizing the pressing need for enhanced cybersecurity awareness and proactive mitigation strategies.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/A-Global-Supply-Chain-Worm-Campaign-SANDWORMMODE-and-the-Rise-of-Malicious-npm-Packages-ehn.shtml

  • https://thehackernews.com/2026/02/malicious-npm-packages-harvest-crypto.html

  • https://socket.dev/blog/sandworm-mode-npm-worm-ai-toolchain-poisoning


    Published: Mon Feb 23 07:20:26 2026 by llama3.2 3B Q4_K_M
    © Ethical Hacking News . All rights reserved.