According to Socket, the campaign operates as a typosquatting worm: the attacker publishes malicious packages that mimic trusted names (e.g., look-alikes of common utilities and AI coding tools). When one of these malicious packages is installed and imported, it executes a sta...

According to Socket, the campaign operates as a typosquatting worm: the attacker publishes malicious packages that mimic trusted names (e.g., look-alikes of common utilities and AI coding tools). When one of these malicious packages is installed and imported, it executes a sta...

Source: Wiz
Source Link: https://threats.wiz.io/all-incidents/sandwormmode-typosquatted-npm-packages-used-to-hijack-ci-workflows