216.73.217.139

SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains

· Published 23/02/2026 10:04 · Modified 23/02/2026 10:19

Export JSON

Essential information

Published
23/02/2026 10:04
Modified
23/02/2026 10:19
Tags
2026-02-23 ai ci credential-theft exfiltration github npm sandworm_mode supply-chain typosquatting worm
Related entities
2 observables, 12 techniques (mitre), 1 malware, 2 others

Description

An active supply chain campaign, dubbed , is spreading through and toolchain poisoning across at least 19 malicious packages. The exhibits Shai-Hulud characteristics, incorporating API with DNS fallback, hook-based persistence, SSH propagation, and MCP server injection targeting coding assistants. It harvests credentials from developer and environments, exfiltrates data via multiple channels, and uses stolen identities to propagate. The campaign also includes a weaponized Action for secret harvesting. The employs a multi-stage design with obfuscated loaders, time-gated execution, and extensive configuration options. It targets high-traffic developer utilities, crypto tooling, and coding tools, posing a significant threat to the software supply chain.

External references