Cybersecurity researchers have identified an active, sophisticated supply chain attack campaign, codenamed SANDWORM_MODE, that uses 19 malicious npm packages. The packages are designed to harvest critical data such as API tokens, CI secrets, and cryptocurrency keys, and the campaign draws parallels to earlier supply chain threats like the Shai-Hulud attacks. It highlights a weakness of software dependency ecosystems: malicious code in a dependency can infiltrate legitimate development workflows and lead to significant security breaches.
For businesses, this incident underscores the importance of rigorous supply chain security measures, particularly in software development environments that rely on third-party packages. Organizations should adopt best practices such as implementing strict package verification processes, regular security audits, and automated dependency management tools to mitigate the risk of such attacks. Given the increasing sophistication of cyber threats targeting software supply chains, it is crucial for companies to prioritize cybersecurity in their development processes to protect sensitive information and maintain operational integrity.
---
*Originally reported by [The Hacker News](https://thehackernews.com/2026/02/malicious-npm-packages-harvest-crypto.html)*