Shai-Hulud-style NPM worm hits CI pipelines and AI coding tools
Summary
A supply chain attack dubbed SANDWORM_MODE targets developers through typosquatted npm packages. The worm steals credentials from local developer environments and CI systems, uses them to modify other repositories, and may wipe the home directory upon detection.
IFF Assessment
FOE
The article describes an active and widespread supply chain attack campaign that poses a significant risk to developers and their systems.
Defender Context
Defenders should be vigilant against typosquatting and carefully review dependencies before installing them. AI tools that suggest code or dependencies increase the risk of falling victim to this type of attack. Regular audits of CI/CD pipelines and the software supply chain are essential to detect and prevent such attacks.
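As an added defender-side example (not from the article or from any tool it names), the following check flags npm dependencies whose names sit within a couple of edits of an allowlisted package name, which is the pattern typosquatting relies on. The allowlist and the package.json are constructed for the example; a real deployment would use the organisation's approved-dependency inventory.

```python
import json

# Constructed allowlist of well-known package names (assumption: a real
# deployment would load a curated list, not hard-code a handful).
KNOWN_PACKAGES = {"lodash", "express", "react", "axios", "chalk", "commander"}

# Constructed package.json with three lookalike names mixed in.
SAMPLE_PACKAGE_JSON = """{
  "name": "demo-app",
  "dependencies": {
    "lodash": "^4.17.21",
    "lodahs": "1.0.0",
    "expresss": "0.0.1"
  },
  "devDependencies": {
    "chalkk": "2.0.0"
  }
}"""


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (classic DP, no external deps)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(name: str) -> str:
    # Drop separators so "lo-dash" and "lodash" compare as identical.
    return name.lower().replace("-", "").replace("_", "").replace(".", "")


def find_suspicious(package_json: str, known=KNOWN_PACKAGES, max_distance=2):
    """Return [(declared_name, lookalike_of)] for dependencies that are not on
    the allowlist but are within max_distance edits of an allowlisted name."""
    manifest = json.loads(package_json)
    deps = {}
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        deps.update(manifest.get(section, {}))
    hits = []
    for name in deps:
        if name in known:            # exact allowlisted name: fine
            continue
        norm = normalize(name)
        for k in sorted(known):      # sorted for deterministic output
            if levenshtein(norm, normalize(k)) <= max_distance:
                hits.append((name, k))
                break
    return hits
```

Running `find_suspicious(SAMPLE_PACKAGE_JSON)` on the constructed manifest flags the three lookalikes and leaves the genuine `lodash` entry alone; tune `max_distance` downward for very short package names to limit false positives.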