🤖 AI Summary
A new active supply chain worm campaign, nicknamed SANDWORM_MODE, has emerged, spread through at least 19 malicious npm packages and linked to two npm aliases. Characterized by its Shai-Hulud-like features, the worm uses typosquatting to hijack CI workflows and poison AI toolchains. It employs techniques such as data exfiltration via the GitHub API, a DNS fallback channel for command and control, and a Shai-Hulud-style dead man's switch capable of wiping home directories if the attackers lose key access. Notably, the worm targets developers using popular AI coding tools, including Claude Code and OpenClaw, indicating a deliberate attempt to exploit the rapid adoption of AI technologies.
This incident significantly impacts the AI/ML community by exposing weaknesses in software supply chains, particularly within the ever-expanding ecosystem of AI coding assistants. The campaign's novel element is a malicious MCP server that instructs AI tools to silently harvest sensitive developer secrets, including SSH keys and LLM API keys, which could lead to widespread credential theft. The coordinated response from npm, GitHub, and Cloudflare to dismantle the campaign underscores the urgency of addressing security weaknesses amid the rapid evolution of AI tools, and the need for heightened vigilance and robust defenses within the developer community.