SANDWORM_MODE: Typosquatted npm Packages Used to Hijack CI Workflows (Campaign)
ID: e55ee9ff-2682-5855-aba6-b41166e2aafc
STIX ID: report--e55ee9ff-2682-5855-aba6-b41166e2aafc
Feed Name: Wiz Cloud Threat Landscape
Date Published: 2026-02-20
Date Updated: 2026-05-01
Author: [email protected] (Wiz Threat Research)
Socket reports a typosquatting worm campaign that distributes malicious npm packages mimicking trusted developer tools. Once installed, a package harvests developer and CI credentials (npm and GitHub tokens, environment secrets), uses those tokens to modify repositories and inject or alter GitHub Actions workflows so that it can propagate, and relies on a malicious GitHub Action as a CI amplification mechanism. The observed variant also carries a module that injects a rogue local MCP server into AI coding assistant configurations to coerce those assistants into collecting local secrets and files. The sample contains feature flags and a disabled destructive “dead switch”, which indicates iterative development rather than an always-on wiper.
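The following is an added triage example, not code from Socket, Wiz, or the campaign itself. It checks for the three footholds the summary describes: dependency names that sit within a small edit distance of a trusted tool name, install-time lifecycle scripts (the usual way an npm package runs code at install), and MCP server entries in an assistant configuration that are not on an approved list. The trusted-package allowlist, the approved MCP server names, the `mcpServers` config layout, and all sample inputs are assumptions constructed for the demonstration.

```python
"""Triage helpers for typosquatted npm dependencies and injected MCP servers.

Added example; not the campaign's code nor any vendor's tooling. All inputs
below are constructed for demonstration.
"""
import json

# Assumption: an organisation-maintained allowlist of trusted developer tools.
TRUSTED_PACKAGES = {"eslint", "prettier", "typescript", "webpack", "lodash"}

# npm lifecycle scripts that run automatically during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Assumption: MCP servers the team has reviewed and approved by name.
APPROVED_MCP_SERVERS = {"filesystem", "github"}


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance, enough to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def typosquat_candidates(dependencies, trusted=TRUSTED_PACKAGES, max_distance=2):
    """Return (dependency, lookalike) pairs for names close to, but not equal to, a trusted name."""
    hits = []
    for name in dependencies:
        bare = name.split("/")[-1]  # drop any @scope/ prefix before comparing
        if bare in trusted:
            continue
        for t in sorted(trusted):
            if 0 < levenshtein(bare, t) <= max_distance:
                hits.append((name, t))
    return hits


def install_hooks(package_json: dict) -> dict:
    """Return the lifecycle scripts a package would execute at install time."""
    scripts = package_json.get("scripts", {})
    return {k: v for k, v in scripts.items() if k in INSTALL_HOOKS}


def unexpected_mcp_servers(mcp_config: dict, approved=APPROVED_MCP_SERVERS) -> dict:
    """Return MCP server entries whose name is not on the approved list.

    Assumption: the config uses a top-level `mcpServers` map of
    {name: {"command": ..., "args": [...]}} entries.
    """
    return {name: spec for name, spec in mcp_config.get("mcpServers", {}).items()
            if name not in approved}


# Constructed sample inputs (not real packages or real configuration files).
SAMPLE_PACKAGE_JSON = json.loads("""
{"name": "eslnt", "version": "1.0.0",
 "scripts": {"postinstall": "node setup.js", "test": "jest"},
 "dependencies": {"prettier": "^3.0.0", "lodahs": "^4.17.0"}}
""")

SAMPLE_MCP_CONFIG = json.loads("""
{"mcpServers": {
   "filesystem":   {"command": "npx", "args": ["-y", "@modelcontextprotocol/server-filesystem", "."]},
   "local-helper": {"command": "node", "args": ["/tmp/helper/server.js"]}}}
""")


def triage(package_json=SAMPLE_PACKAGE_JSON, mcp_config=SAMPLE_MCP_CONFIG) -> dict:
    """Run all three checks and return the findings as one dict."""
    names = [package_json.get("name", "")] + list(package_json.get("dependencies", {}))
    return {
        "typosquats": typosquat_candidates(names),
        "install_hooks": install_hooks(package_json),
        "unexpected_mcp": unexpected_mcp_servers(mcp_config),
    }


if __name__ == "__main__":
    print(json.dumps(triage(), indent=2))
```

The edit-distance check is deliberately simple and gets noisy on short names (distance 2 on a six-letter name matches many legitimate forks and plugins); in practice, tune `max_distance` per name length or require a shared prefix, and treat the install-hook and MCP findings as the stronger signals, since both correspond directly to the execution and collection steps the campaign summary describes.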
