HeadsUpAI

SANDWORM_MODE npm Worm Now Injects Malicious MCP Servers into AI Coding Agents


SANDWORM_MODE is an active npm supply chain worm tracked by Socket's threat research team across at least 19 malicious packages published under two npm aliases. When a developer installs one, the package steals credentials, injects a hidden malicious MCP server into the developer's home directory, and poisons GitHub Actions workflows, propagating through any repositories the developer can access.

The MCP injection is the new attack surface. The malicious server registers itself with AI coding agents and can push hostile prompt injections into tools such as Claude Code or Cursor, manipulating the agent's behavior during sessions. The packages impersonate popular tools via typosquatting (e.g., suport-color for supports-color), so they are easy to install by mistake.

Socket has petitioned npm to remove the packages and linked publisher aliases. Check your package.json dependencies against the Indicators of Compromise list in Socket's report.
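A small dependency audit along the lines of that recommendation, added here as an example and not taken from Socket's report or from the worm itself. The IoC set below is a placeholder containing only the package name quoted in this update; replace it with the full list from Socket's report. The popular-package list and the edit-distance threshold are assumptions chosen to catch the suport-color style of typosquat.

```python
import json

# Placeholder IoC set: only the package name quoted in this update. Replace with
# the Indicators of Compromise list from Socket's report before relying on it.
IOC_PACKAGES = {"suport-color"}

# Assumed list of frequently typosquatted packages; extend it for your own stack.
POPULAR_PACKAGES = ["supports-color", "chalk", "lodash", "express", "debug", "axios"]

# Assumed threshold: "suport-color" is two edits away from "supports-color".
MAX_TYPOSQUAT_DISTANCE = 2


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two package names (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def direct_dependencies(package_json: str) -> dict:
    """Collect every directly declared dependency across all package.json sections."""
    data = json.loads(package_json)
    deps = {}
    for section in ("dependencies", "devDependencies", "optionalDependencies", "peerDependencies"):
        deps.update(data.get(section, {}))
    return deps


def audit(package_json: str, iocs=IOC_PACKAGES, popular=POPULAR_PACKAGES) -> list:
    """Return (dependency, finding, matched_name) tuples for known IoCs and near-miss names."""
    findings = []
    for name in direct_dependencies(package_json):
        if name in iocs:
            findings.append((name, "listed-ioc", name))
            continue  # an exact IoC hit needs no further comparison
        for known in popular:
            if name != known and edit_distance(name, known) <= MAX_TYPOSQUAT_DISTANCE:
                findings.append((name, "possible-typosquat", known))
                break
    return findings


# Constructed sample manifest: one listed IoC, one near miss of lodash, one clean package.
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "example-app",
    "dependencies": {"suport-color": "^9.0.0", "chalk": "^5.0.0"},
    "devDependencies": {"lodsh": "^4.17.0"},
})

if __name__ == "__main__":
    for dep, finding, match in audit(SAMPLE_PACKAGE_JSON):
        print(f"{finding}: {dep} (matches {match})")
```

Run it against a real manifest by passing the file contents to audit(); a possible-typosquat hit is a prompt to verify the package, not proof of compromise.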

blackorbird (@blackorbird) on X:

MCP Server Injection The payload exports a dedicated McpInject module that targets AI coding assistants. It first generates a randomized developer-sounding name from word pools (e.g., dev-utils, node-analyzer) and creates a hidden directory in the user’s home (e.g., ~/.dev-utils/), then writes a malicious MCP server into it. ref: SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains https://t.co/nkLEl5jO47

