Security firm Socket has identified a new malware strain in the npm ecosystem, dubbed “SANDWORM_MODE”. It conducts supply chain attacks reminiscent of the Shai-Hulud worm and employs an MCP server to steal sensitive data from AI models and services like AWS and GitHub. Currently, 19 infected npm packages are reported, disguised under well-known application names through typosquatting. The malware autonomously seeks API keys and exfiltrates CI secrets, and it may delete users’ home directories if it loses access.

Socket has noted that while the malicious packages have reportedly been removed, future threats are possible due to the worm’s self-propagation capability. Developers are urged to check their projects for these compromised packages: inspect dependencies, renew tokens, and examine workflow files for any unusual activity. Supply chain attacks affect roughly one in three German companies, emphasizing the need for strict security protocols.
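One way to run the dependency inspection mentioned above against typosquatted names, as an added example that is not taken from Socket's report: it lists package names in a `package-lock.json` (v2/v3 layout) that fall within a small edit distance of a trusted name. The sample lockfile, the trusted list and the distance threshold of 2 are constructed assumptions.

```javascript
// Levenshtein distance, two-row dynamic programming.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// package-lock.json v2/v3 keys look like "node_modules/a/node_modules/b";
// the package name is everything after the last "node_modules/".
function installedNames(lock) {
  const names = new Set();
  for (const key of Object.keys(lock.packages || {})) {
    const idx = key.lastIndexOf("node_modules/");
    if (idx !== -1) names.add(key.slice(idx + "node_modules/".length));
  }
  return [...names];
}

// Names close to, but not exactly, a trusted name. maxDistance is an assumption.
function findLookalikes(lock, trusted, maxDistance = 2) {
  const hits = [];
  for (const name of installedNames(lock)) {
    if (trusted.includes(name)) continue; // exact match: the real package
    for (const t of trusted) {
      const d = editDistance(name, t);
      if (d <= maxDistance) hits.push({ name, resembles: t, distance: d });
    }
  }
  return hits.sort((x, y) => x.name.localeCompare(y.name));
}

// Constructed sample lockfile and trusted list (not names from the report).
const SAMPLE_LOCK = JSON.parse(`{
  "packages": {
    "": { "name": "demo-app" },
    "node_modules/express": { "version": "4.18.2" },
    "node_modules/expresss": { "version": "1.0.0" },
    "node_modules/express/node_modules/debug": { "version": "2.6.9" },
    "node_modules/lodahs": { "version": "0.0.1" }
  }
}`);
const TRUSTED = ["express", "lodash", "debug"];
```

A hit is a prompt for manual review of the package's publisher and install scripts, not proof of compromise; short names produce more false positives at the same threshold.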