npm 蠕蟲被釋放：SANDWORM_MODE 利用開發環境，竊取加密金鑰和 AI 秘密

一種新的 npm 蠕蟲 SANDWORM_MODE 正在積極瞄準開發人員環境，獲取私鑰、加密資產和 AI API 金鑰。了解不斷變化的威脅情勢。

npm Worm Unleashed: SANDWORM_MODE Exploits Dev Environments, Steals Crypto Keys and AI Secrets

npm 蠕蟲被釋放：SANDWORM_MODE 利用開發環境，竊取加密金鑰和 AI 秘密

In a startling development for the software development community, a sophisticated npm worm, dubbed SANDWORM_MODE, has been discovered actively compromising developer environments. This self-replicating malware has infiltrated at least 19 malicious npm packages, with a primary objective of harvesting sensitive information, including private keys, cryptocurrency wallet details, and crucial AI API keys.

在軟體開發社群的一次驚人的發展中，人們發現了一種名為 SANDWORM_MODE 的複雜 npm 蠕蟲，它正在積極危害開發人員環境。這種自我複製的惡意軟體已滲透到至少 19 個惡意 npm 軟體包，其主要目標是收集敏感信息，包括私鑰、加密貨幣錢包詳細信息和關鍵的 AI API 密鑰。

The SANDWORM_MODE Attack: A Multi-Pronged Assault

SANDWORM_MODE 攻擊：多管齊下的攻擊

Uncovered by Socket's Threat Research Team, SANDWORM_MODE represents a significant escalation in supply chain attacks. Unlike previous threats, this worm operates with alarming speed and stealth. Its first stage executes immediately upon package import, focusing on exfiltrating npm tokens, GitHub tokens, environment secrets, and various forms of crypto keys. This includes BIP39 mnemonics, Ethereum private keys, Solana byte arrays, and Bitcoin WIF keys, all sent to a dedicated drain endpoint before any other payload can be triggered.

SANDWORM_MODE 由 Socket 的威脅研究團隊發現，代表供應鏈攻擊的顯著升級。與先前的威脅不同，該蠕蟲的運行速度驚人且隱密。它的第一階段在套件導入後立即執行，重點是洩漏 npm 令牌、GitHub 令牌、環境機密和各種形式的加密金鑰。這包括 BIP39 助記符、以太坊私鑰、Solana 位元組數組和比特幣 WIF 金鑰，所有這些都在觸發任何其他負載之前發送到專用的耗盡端點。

Beyond Crypto: Targeting AI and Developer Secrets

超越加密：瞄準人工智慧和開發者秘密

The worm's malicious capabilities extend beyond cryptocurrency theft. It actively injects malicious GitHub workflows and poisons AI toolchains. Several packages impersonate AI coding tools, embedding rogue servers into popular AI assistant configurations. These rogue servers are designed to stealthily prompt AI assistants to exfiltrate SSH keys, AWS credentials, npm tokens, and other environment secrets, all while preventing the AI from notifying the user. Furthermore, the worm targets API keys from major LLM providers, including OpenAI, Anthropic, and Google, by searching environment variables and .env files.

該蠕蟲病毒的惡意功能超出了加密貨幣盜竊的範圍。它主動注入惡意 GitHub 工作流程並毒害 AI 工具鏈。多個軟體包冒充人工智慧編碼工具，將惡意伺服器嵌入到流行的人工智慧助理配置中。這些惡意伺服器旨在秘密提示 AI 助理竊取 SSH 金鑰、AWS 憑證、npm 令牌和其他環境機密，同時阻止 AI 通知用戶。此外，該蠕蟲透過搜尋環境變數和 .env 文件，以主要 LLM 提供者（包括 OpenAI、Anthropic 和 Google）的 API 金鑰為目標。

Evolving Threat Landscape and Mitigation

不斷變化的威脅情勢和緩解措施

While npm, GitHub, and Cloudflare have taken action to remove the malicious packages and infrastructure, the threat necessitates immediate action from developers. Any environment that has run these packages should be treated as compromised. Key mitigation steps include rotating all npm and GitHub tokens, auditing CI/CD workflows for suspicious additions, and reviewing AI assistant configurations. The worm's design, which includes a dormant polymorphic engine and a disabled "dead switch" capable of shredding files, indicates that future variants could be even more sophisticated and evasive.

雖然 npm、GitHub 和 Cloudflare 已採取行動刪除惡意軟體包和基礎設施，但開發人員必須立即採取行動應對威脅。任何運行這些軟體包的環境都應被視為受到威脅。關鍵緩解步驟包括輪換所有 npm 和 GitHub 令牌、審核 CI/CD 工作流程中是否有可疑添加，以及檢視 AI 助理配置。該蠕蟲的設計包括休眠的多態引擎和能夠粉碎文件的禁用“死開關”，這表明未來的變種可能會更加複雜和隱蔽。

A Broader Context: Keys, Bots, and AI Governance

更廣泛的背景：金鑰、機器人和人工智慧治理

This incident underscores a broader debate about control and security in the digital realm, particularly concerning AI. As articulated by crypto investor Balaji Srinivasan, "whoever controls the keys controls the machines." While current AI systems still rely on humans for goal-setting, the potential for AI to gain more autonomy raises questions about governance. Blockchain-based cryptography and private keys are emerging as potential mechanisms for securing AI agents and ensuring they remain aligned with human-defined objectives. The SANDWORM_MODE attack, by focusing on the theft of private keys and API credentials, serves as a stark, albeit malicious, demonstration of the critical importance of securing these digital assets.

這起事件凸顯了有關數位領域控制和安全的更廣泛爭論，特別是有關人工智慧的爭論。正如加密貨幣投資者巴拉吉·斯里尼瓦桑（Balaji Srinivasan）所說，「誰控制了密鑰，誰就控制了機器。」雖然當前的人工智慧系統仍然依賴人類來設定目標，但人工智慧獲得更多自主權的潛力引發了有關治理的問題。基於區塊鏈的密碼學和私鑰正在成為保護人工智慧代理並確保它們與人類定義的目標保持一致的潛在機制。 SANDWORM_MODE 攻擊重點在於私鑰和 API 憑證的竊取，儘管是惡意的，但它清楚地證明了保護這些數位資產的至關重要性。

Looking Ahead

展望未來

The interconnectedness of software supply chains, cryptocurrency, and AI means that security threats are becoming increasingly complex. Vigilance and proactive security measures are paramount for developers and organizations alike. So, let's all keep our digital doors locked and our keys safe – happy coding!

軟體供應鏈、加密貨幣和人工智慧的互聯性意味著安全威脅變得越來越複雜。對於開發人員和組織來說，保持警惕和主動的安全措施至關重要。所以，讓我們都鎖好我們的數位門並確保我們的鑰匙安全——快樂編碼！