SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains

An active supply chain attack, reminiscent of the Shai-Hulud worm, has been identified by Socket’s Threat Research Team, involving at least 19 malicious npm packages and two npm aliases. Dubbed "SANDWORM_MODE," this campaign utilizes typosquatting and AI toolchain poisoning, targeting high-traffic developer utilities and AI coding tools. The malware employs GitHub API exfiltration with DNS fallback, automated propagation using stolen identities, and a multi-layered execution strategy, embedding malicious MCP servers into AI assistant configurations. It harvests credentials, crypto keys, and CI secrets for exfiltration, deploying a Shai-Hulud-style dead switch that wipes home directories under certain conditions. Despite the destructive routines being disabled in this iteration, the worm poses a significant risk, with propagation mechanisms exploiting npm and GitHub infrastructure. The campaign reflects ongoing threat actor adaptation, leveraging AI tool interference and polymorphic capabilities for future iterations, prompting immediate defensive measures from npm, GitHub, and Cloudflare to mitigate risks.