Security researchers at Socket have uncovered an active supply chain worm campaign, which they call SANDWORM_MODE, that uses at least 19 malicious npm packages to steal credentials, cryptocurrency keys, API tokens, and other sensitive data from developer environments. The malware spreads by abusing stolen npm and GitHub accounts, harvests CI/CD secrets through a weaponized GitHub Action, and mostly targets AI coding assistant setups such as Visual Studio Code and Claude with a malicious MCP server that injects prompts to steal SSH keys and environment files. It can also collect API keys for major AI providers and carries a dormant polymorphic engine designed to evade detection. The attack runs in two stages; the second stage activates after a delay to deepen credential theft and spread further. The researchers warn that the packages pose a serious compromise risk and advise affected users to remove them immediately and rotate all secrets.

Separately, JFrog, Veracode, and Checkmarx reported other malicious npm packages and a rogue VS Code extension that deliver remote access trojans and steal sensitive data on Windows, macOS, and Linux systems.