Shai-Hulud-Like Worm Targets Developers via Npm and AI Tools

Supply‑chain attacks have long plagued the JavaScript ecosystem, but the emergence of SANDWORM_MODE marks a notable escalation. By masquerading as popular Node.js libraries and emerging AI development tools, the worm leverages typosquatting to infiltrate developer environments with minimal friction. Once installed, it silently deploys a hidden MCP server that hijacks AI assistants, turning them into covert data‑collection agents. This convergence of package‑manager abuse and AI‑tool manipulation reflects a broader trend where attackers exploit the rapid adoption of generative AI in software engineering.

Technically, the worm employs a layered obfuscation strategy—base64, zlib, and AES‑256‑GCM—to conceal its multi‑stage payload. Stage 1 activates instantly, siphoning SSH keys, AWS tokens, npm credentials, and even cryptocurrency wallets. Stage 2 lies dormant for 48‑96 hours on developer workstations but triggers immediately in continuous‑integration pipelines, where it can propagate by publishing infected packages and modifying repositories via the GitHub API. Exfiltration is routed through a three‑channel cascade: encrypted HTTPS posts to a Cloudflare Worker, uploads to attacker‑controlled private GitHub repos, and DNS tunneling as a fallback. This redundancy ensures data reaches the adversary even if one channel is blocked.

For the development community, the incident underscores the urgency of rigorous dependency hygiene and AI‑tool security. Organizations should enforce strict provenance checks, employ automated scanning for typosquatted packages, and isolate AI assistants from sensitive credential stores. Rotating secrets promptly after any suspected compromise, implementing least‑privilege CI tokens, and monitoring network traffic for anomalous exfiltration patterns are essential defenses. As AI becomes integral to coding workflows, vendors and open‑source maintainers must prioritize secure integration pathways to prevent similar supply‑chain worms from gaining a foothold.