SANDWORM_MODE supply-chain worm targeting AI assistant configs
Malware Activity
Summary
Hide ▲
Show ▼
The SANDWORM_MODE worm is spreading through malicious npm packages, stealing developer and CI credentials and injecting rogue MCP servers into AI assistant configurations. It also harvests API keys for multiple large language model providers, widening the blast radius beyond software dependencies. The operation uses typosquatting, compromised npm/GitHub accounts, and staged payloads to reach developers and CI environments. Anyone who installed affected packages faces secret theft, repository tampering, and downstream account compromise risk.
Related Happenings
GitHub API enumeration campaign targeting corporate organizations
Campaign
H score17
First: 09.07.2026 21:38
Last: 09.07.2026 21:38
Sources 1
About this happening:
A **GitHub API reconnaissance campaign** is systematically mapping **corporate organizations**, repositories, and user accounts across multiple companies, expanding the risk of fo...
GitHub API enumeration campaign targeting corporate organizations
CampaignAbout this happening: A **GitHub API reconnaissance campaign** is systematically mapping **corporate organizations**, repositories, and user accounts across multiple companies, expanding the risk of fo...
Malicious npm and PyPI payment SDK typosquat packages
Malware Activity
H score40
First: 09.07.2026 18:09
Last: 09.07.2026 18:09
Sources 1
About this happening:
The **17 malicious npm and PyPI packages** targeted **Paysafe, Skrill, and Neteller SDKs** to steal **system information** and **developer secrets**, then send the data to an **Ng...
Malicious npm and PyPI payment SDK typosquat packages
Malware ActivityAbout this happening: The **17 malicious npm and PyPI packages** targeted **Paysafe, Skrill, and Neteller SDKs** to steal **system information** and **developer secrets**, then send the data to an **Ng...
Malicious npm and PyPI Paysafe, Skrill, and Neteller SDK packages delivering stealer malware
Malware Activity
H score37
First: 08.07.2026 22:54
Last: 08.07.2026 22:54
Sources 1
About this happening:
Malicious **npm** and **PyPI** packages impersonating **Paysafe**, **Skrill**, and **Neteller** SDKs delivered **stealer malware** that siphoned secrets from developer environment...
Malicious npm and PyPI Paysafe, Skrill, and Neteller SDK packages delivering stealer malware
Malware ActivityAbout this happening: Malicious **npm** and **PyPI** packages impersonating **Paysafe**, **Skrill**, and **Neteller** SDKs delivered **stealer malware** that siphoned secrets from developer environment...
Rollup polyfill npm package malware activity for remote access and data theft
Malware Activity
H score16
First: 03.07.2026 19:07
Last: 03.07.2026 19:07
Sources 1
About this happening:
**Malicious npm packages** disguised as **Rollup polyfill tooling** are now delivering **remote-access and data-theft payloads** to developer workstations and build machines. The...
Rollup polyfill npm package malware activity for remote access and data theft
Malware ActivityAbout this happening: **Malicious npm packages** disguised as **Rollup polyfill tooling** are now delivering **remote-access and data-theft payloads** to developer workstations and build machines. The...
Hijacked npm and Go packages deploying Python infostealer via VS Code auto-run tasks
Malware Activity
H score30
First: 29.06.2026 08:36
Last: 29.06.2026 08:36
Sources 1
About this happening:
Hijacked **npm** and **Go** packages now deliver a **Python infostealer** through a hidden **VS Code auto-run task**, putting developer machines and credentials at risk across **W...
Hijacked npm and Go packages deploying Python infostealer via VS Code auto-run tasks
Malware ActivityAbout this happening: Hijacked **npm** and **Go** packages now deliver a **Python infostealer** through a hidden **VS Code auto-run task**, putting developer machines and credentials at risk across **W...
Timeline
-
23.02.2026 18:00 2 articles · 4mo ago
SANDWORM_MODE supply-chain worm disclosed
Initial DisclosureSocket's Threat Research Team disclosed SANDWORM_MODE as a Shai-Hulud-like supply-chain worm spreading through at least 19 malicious npm packages published under the aliases official334 and javaorg. The malware used typosquatting and a concealed multi-stage payload to steal developer and CI credentials, inject rogue MCP servers into AI assistant configurations such as Claude Desktop, Cursor, VS Code Continue and Windsurf, and harvest API keys for nine large language model providers. Socket also said it notified npm, GitHub and Cloudflare, and that Cloudflare disabled associated infrastructure, npm removed the malicious packages, and GitHub dismantled related repositories.
Show sources
- Shai-Hulud-Like Worm Targets Developers via npm and AI Tools — www.infosecurity-magazine.com — 23.02.2026 18:00
- Shai-Hulud-Like Worm Targets Developers via npm and AI Tools — www.infosecurity-magazine.com — 23.02.2026 18:00