Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens
Summary
A supply chain attack dubbed SANDWORM_MODE has been discovered, using at least 19 malicious npm packages to steal cryptocurrency keys, CI secrets, and API tokens. The attack is described as a "Shai-Hulud-like" campaign, indicating its worm-like propagation.
IFF Assessment
FOE
The campaign uses malicious packages to steal sensitive information (cryptocurrency keys, CI secrets, and API tokens) from developers, which makes it a direct security risk to any project that installs them.
Defender Context
Defenders should monitor npm package dependencies for suspicious code and conduct regular security audits of their software supply chain. Supply chain attacks targeting open-source ecosystems continue to be a significant threat, requiring proactive detection and prevention measures. The worm-like propagation highlights the potential for rapid spread and widespread impact.
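One concrete form of the dependency monitoring recommended above is to inventory every npm lifecycle script (preinstall, postinstall, prepare and similar hooks) present in an installed dependency tree and compare it against an allowlist of hooks the team has already reviewed. The script below is an added example, not code from the page or from any named project; it assumes (as an assumption, since the page gives no technical detail about SANDWORM_MODE) that install-time hooks are one place a malicious package could run code, and it builds its own small constructed sample tree so it runs offline.

```python
import json
import tempfile
from pathlib import Path

# npm lifecycle hooks that run automatically during install or publish.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare", "prepublish")

# Allowlist of (package name, hook) pairs a reviewer has already examined.
# Constructed for this example; a real allowlist is built from your own audit.
ALLOWLIST = {("example-native-addon", "install")}


def find_lifecycle_scripts(root):
    """Walk every package.json under `root` and report each lifecycle hook found."""
    findings = []
    for pkg_json in Path(root).rglob("package.json"):
        try:
            data = json.loads(pkg_json.read_text(encoding="utf-8"))
        except (ValueError, OSError):
            continue  # unreadable or malformed manifest: skip, do not crash the audit
        scripts = data.get("scripts") or {}
        for hook in LIFECYCLE_HOOKS:
            if hook in scripts:
                findings.append({
                    "package": data.get("name", "<unnamed>"),
                    "version": data.get("version", "?"),
                    "hook": hook,
                    "command": scripts[hook],
                    "path": str(pkg_json),
                })
    return findings


def audit(root, allowlist=ALLOWLIST):
    """Return only the lifecycle hooks that have not been reviewed and allowlisted."""
    return [f for f in find_lifecycle_scripts(root)
            if (f["package"], f["hook"]) not in allowlist]


def build_sample_tree():
    """Create a constructed node_modules tree with three hypothetical packages."""
    root = Path(tempfile.mkdtemp()) / "node_modules"
    manifests = {
        # benign: no lifecycle scripts at all
        "example-plain": {"name": "example-plain", "version": "1.0.0",
                          "scripts": {"test": "node test.js"}},
        # reviewed native build step, present in ALLOWLIST
        "example-native-addon": {"name": "example-native-addon", "version": "2.1.0",
                                 "scripts": {"install": "node-gyp rebuild"}},
        # unreviewed postinstall hook: this is what the audit should surface
        "example-unreviewed": {"name": "example-unreviewed", "version": "0.0.3",
                               "scripts": {"postinstall": "node setup.js"}},
    }
    for name, manifest in manifests.items():
        pkg_dir = root / name
        pkg_dir.mkdir(parents=True)
        (pkg_dir / "package.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root


if __name__ == "__main__":
    tree = build_sample_tree()
    for f in audit(tree):
        print(f"UNREVIEWED {f['package']}@{f['version']} {f['hook']}: {f['command']}")
```

Run it against a real project by calling `audit("path/to/node_modules")` and growing the allowlist only as each flagged hook is read and approved; anything new that appears between two runs is a change in install-time behaviour worth investigating before the next CI job executes it.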