T1195.001Compromise Software Dependencies and Development Tools
99%
"shai - hulud - like worm targets developers via npm and ai tools a supply chain worm resembling earlier shai - hulud malware has been discovered spreading through malicious npm packages. according to socket ' s threat research team, the campaign, tracked as sandworm _ mode, has b…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1195.001Compromise Software Dependencies and Development Tools
93%
"scenes, it executed a concealed, multi - stage payload when imported. among the targets were tools linked to claude code and openclaw, the latter having recently surpassed 210, 000 stars on github. the malware deployed a hidden mcp server into configurations for ai assistants suc…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1195.001Compromise Software Dependencies and Development Tools
69%
"using a domain generation algorithm fallback the worm could propagate by publishing infected npm packages, modifying repositories via the github api and, if necessary, pushing changes through ssh. socket said it notified npm, github and cloudflare before publishing its findings. …"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1587Develop Capabilities
68%
"shai - hulud - like worm targets developers via npm and ai tools a supply chain worm resembling earlier shai - hulud malware has been discovered spreading through malicious npm packages. according to socket ' s threat research team, the campaign, tracked as sandworm _ mode, has b…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1195.002Compromise Software Supply Chain
39%
"scenes, it executed a concealed, multi - stage payload when imported. among the targets were tools linked to claude code and openclaw, the latter having recently surpassed 210, 000 stars on github. the malware deployed a hidden mcp server into configurations for ai assistants suc…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1587Develop Capabilities
30%
"scenes, it executed a concealed, multi - stage payload when imported. among the targets were tools linked to claude code and openclaw, the latter having recently surpassed 210, 000 stars on github. the malware deployed a hidden mcp server into configurations for ai assistants suc…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
Supply chain worm mimicking Shai-Hulud malware spread via malicious npm packages, targeting AI tools has been identified by security researchers