CYBERSECURITY researchers have revealed an active supply-chain worm campaign dubbed SANDWORM_MODE, which uses a cluster of at least 19 malicious npm packages to harvest credentials and cryptocurrency keys, as part of a broader push to exfiltrate tokens and secrets from developer environments.
The campaign, described by Socket as a continuation of Shai-Hulud-like activity, leverages npm and GitHub identities to propagate and includes a GitHub Action weaponised to harvest CI/CD secrets and exfiltrate them over HTTPS with DNS fallback. The listed npm packages, published under the two publisher aliases official334 and javaorg, include claud-code, cloude, crypto-locale, and nine more, while four sleeper packages—ethres, iru-caches, iruchache, and uudi—do not carry malicious features.
The attackers also embed an MCPInject module that targets AI coding assistants and reads sensitive files such as SSH keys, AWS credentials, and .env files in order to exfiltrate them. The campaign’s two-stage chain begins with credential and key theft and then loads a second stage for deeper harvesting; that second stage is scheduled to activate after 48 hours. Defenders are urged to remove the packages and rotate tokens.
According to Socket, several guardrails remain and the worm code appears across multiple typosquatting packages, indicating deliberate distribution rather than a mere test artifact.
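The removal step above is easier with a quick lockfile audit. The Node script below is an added example, not code from Socket or the report, and it knows only the package names this page lists (the cluster has at least 19, so the set is intentionally incomplete); the sample lockfile embedded in it is constructed.

```javascript
// Added defensive check (not from the Socket report): scan an npm lockfile for the package
// names this campaign uses. Handles lockfile v1 (nested "dependencies") and v2/v3 ("packages").
// Only the names given on this page are included; the cluster has at least 19 packages, so
// extend this set from the full advisory before relying on it.
const SANDWORM_MODE_PACKAGES = new Set([
  'claud-code', 'cloude', 'crypto-locale',      // carry the worm payload
  'ethres', 'iru-caches', 'iruchache', 'uudi',  // "sleeper" packages: remove these as well
]);

// Return every matching package with its version and install location.
function findSandwormPackages(lock) {
  const hits = [];
  // lockfileVersion 2/3: "packages" maps "node_modules/a/node_modules/b" -> metadata
  for (const [where, meta] of Object.entries(lock.packages || {})) {
    const name = where.split('node_modules/').pop();  // last path segment is the package name
    if (SANDWORM_MODE_PACKAGES.has(name)) hits.push({ name, version: meta.version, where });
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists, since
  // v2 lockfiles carry both sections and every hit would otherwise be reported twice)
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const where = `${prefix}node_modules/${name}`;
      if (SANDWORM_MODE_PACKAGES.has(name)) hits.push({ name, version: meta.version, where });
      walk(meta.dependencies, `${where}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return hits;
}

// Read and scan a lockfile from disk, e.g. `node scan.js package-lock.json`.
function scanLockfile(file) {
  const fs = require('fs');
  return findSandwormPackages(JSON.parse(fs.readFileSync(file, 'utf8')));
}

// Constructed sample lockfile in the v3 layout (not a real project), used when no file is given.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/express': { version: '4.19.2' },
    'node_modules/crypto-locale': { version: '1.0.3' },
    'node_modules/express/node_modules/uudi': { version: '0.0.2' },
  },
};

if (typeof require !== 'undefined' && require.main === module) {
  const hits = process.argv[2] ? scanLockfile(process.argv[2]) : findSandwormPackages(SAMPLE_LOCK);
  for (const h of hits) console.log(`REMOVE ${h.name}@${h.version} at ${h.where}`);
  process.exitCode = hits.length ? 1 : 0;  // non-zero exit lets a CI job fail the build
}
```

A hit means the package must be removed and every token reachable from that environment (npm, GitHub, cloud and CI/CD secrets) rotated, since the lockfile only shows what was installed, not what has already been read.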