Archive: https://archive.today/5lxyQ
From the post:
>Socket’s Threat Research Team uncovered what we assess as a Shai-Hulud-like supply chain worm deployed across at least 19 malicious npm packages, published under two npm publisher aliases (see the Indicators of Compromise section below). We are tracking this activity as SANDWORM_MODE, a campaign name derived directly from SANDWORM_* environment variable switches embedded in the malware’s runtime control logic. The code follows hallmarks analyzed in prior Shai-Hulud variants, including credential theft from developer and CI environments and automated propagation by abusing stolen npm and GitHub identities to move laterally through the software supply chain.