Malicious npm Packages Expose Sensitive Data: Crypto Keys, CI Secrets, and API Tokens at Risk


Sophisticated Supply Chain Attack Campaign Uncovered

A sophisticated supply chain attack campaign has been uncovered, leveraging a cluster of 19 malicious npm packages to harvest sensitive credentials, cryptocurrency keys, and API tokens from developer environments. The campaign, dubbed SANDWORM_MODE, has been attributed to a threat actor who has embedded malicious code into the packages, enabling them to siphon system information, access tokens, environment secrets, and API keys.

Malicious Packages and Capabilities

The malicious packages, published by two npm publisher aliases, official334 and javaorg, include claud-code, cloude-code, cloude, crypto-locale, crypto-reader-info, detect-cache, format-defaults, hardhta, locale-loader-pro, naniod, node-native-bridge, opencraw, parse-compat, rimarf, scan-store, secp256, suport-color, veim, and yarsg. Four additional packages, ethres, iru-caches, iruchache, and uudi, have been identified as sleeper packages that do not contain malicious features.

The malicious code embedded in the packages has several capabilities, including the ability to access tokens, environment secrets, and API keys from developer environments. It can also automatically propagate by abusing stolen npm and GitHub identities to extend its reach. The malware features a destructive routine that can wipe home directories should it lose access to GitHub and npm, although this functionality is currently disabled.

Attack Chain and Payload

The attackers have also incorporated a weaponized GitHub Action that harvests CI/CD secrets and exfiltrates them via HTTPS with DNS fallback. The malware targets AI coding assistants, including Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf, and harvests API keys for nine large language model (LLM) providers.

The payload contains a polymorphic engine that can rename variables, rewrite control flow, insert junk code, and encode strings to evade detection. Although the engine is currently disabled, its inclusion suggests that the attackers plan to release more iterations of the malware in the future.

Recommendations and Related News

Users who have installed any of the affected packages are advised to remove them immediately, rotate npm/GitHub tokens and CI secrets, and review any package.json, lockfiles, and .github/workflows/ for unexpected changes.
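
As an added example (not code from the original report or from npm), the following Node.js code checks a parsed package.json and package-lock.json for the package names listed in this article, including transitive entries. The function names and the sample lockfile are constructed for illustration; listing the sleeper packages and the two packages from the related RAT report alongside the 19 malicious ones is an assumption that you want those flagged too.

```javascript
// Package names from the article: 19 malicious, 4 sleeper, 2 from the related RAT report.
const FLAGGED = new Set([
  'claud-code', 'cloude-code', 'cloude', 'crypto-locale', 'crypto-reader-info',
  'detect-cache', 'format-defaults', 'hardhta', 'locale-loader-pro', 'naniod',
  'node-native-bridge', 'opencraw', 'parse-compat', 'rimarf', 'scan-store',
  'secp256', 'suport-color', 'veim', 'yarsg',
  'ethres', 'iru-caches', 'iruchache', 'uudi',
  'buildrunner-dev', 'eslint-verify-plugin',
]);
const SECTIONS = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];

// Direct dependencies declared in a parsed package.json.
function scanManifest(manifest) {
  const hits = [];
  for (const section of SECTIONS)
    for (const name of Object.keys(manifest[section] || {}))
      if (FLAGGED.has(name)) hits.push({ name, section });
  return hits;
}

// Direct and transitive entries in a parsed package-lock.json.
// lockfileVersion 2/3 has a flat "packages" map keyed by install path;
// lockfileVersion 1 has only a nested "dependencies" tree.
function scanLockfile(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // meta.name is set for aliased installs; otherwise take the last path segment.
    const name = meta.name || path.split('node_modules/').pop();
    if (FLAGGED.has(name)) hits.push({ name, where: path, version: meta.version });
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const where = trail ? `${trail} > ${name}` : name;
      if (FLAGGED.has(name)) hits.push({ name, where, version: meta.version });
      walk(meta.dependencies, where);
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile (v3 layout); names other than the flagged one are placeholders.
const sampleLock = { packages: {
  '': { name: 'demo-app', version: '1.0.0' },
  'node_modules/some-tool': { version: '1.2.3' },
  'node_modules/some-tool/node_modules/suport-color': { version: '0.0.0-sample' },
} };
console.log(scanLockfile(sampleLock));
```

Pass it the result of JSON.parse on your own package.json and package-lock.json. A lockfile hit under a nested path means the package arrived as a transitive dependency, so the parent package needs review as well.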

The discovery of this supply chain attack campaign highlights the importance of vigilance in the software development community. As the threat landscape continues to evolve, it is essential for developers to prioritize security and take proactive measures to protect their environments and sensitive data.

In related news, two other malicious npm packages, buildrunner-dev and eslint-verify-plugin, have been identified as delivering a remote access trojan (RAT) targeting Windows, macOS, and Linux systems. The .NET malware deployed by buildrunner-dev is Pulsar RAT, an open-source RAT delivered via a PNG image hosted on i.ibb[.]co. The eslint-verify-plugin package, on the other hand, masquerades as a legitimate ESLint utility while deploying a sophisticated, multi-stage infection chain targeting macOS and Linux environments.

The eslint-verify-plugin package is a prime example of how a malicious npm package can escalate from a simple installation hook to a full-system compromise. By masquerading as a legitimate utility, the attackers successfully concealed a multi-stage infection chain that can facilitate a wide range of post-exploitation capabilities, including file operations, credential harvesting, and lateral movement.

The findings also follow a report from Checkmarx, which flagged a rogue VS Code extension known as "solid281" that impersonates the official Solidity extension but harbors covert features to execute a heavily obfuscated loader automatically upon application startup and drop ScreenConnect on Windows and a Python reverse shell on macOS and Linux machines.


