Threat actors behind the Trivy supply-chain compromise are conducting follow-on attacks that have infected dozens of npm packages with a self-propagating worm named CanisterWorm. The worm uses an Internet Computer (ICP) canister as a decentralized dead-drop for C2, allowing attackers (suspected TeamPCP) to swap payload URLs and remotely update all infected hosts. #CanisterWorm #TeamPCP
Keypoints
- CanisterWorm has been injected into multiple npm packages and uses a postinstall hook to run its loader at install time.
- A Python backdoor contacts an ICP canister dead-drop to retrieve a URL pointing to the next-stage payload.
- Persistence is achieved via a systemd user service masquerading as "pgmon" and configured with Restart=always.
- Attackers used a deploy.js script with stolen npm tokens to push malicious releases, while a newer variant harvests npm tokens during postinstall to self-propagate.
- The ICP canister supports methods to update the delivered payload and uses a youtube[.]com link as a dormant kill-switch to arm or disarm implants.
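The two host-side traces the keypoints describe (an npm lifecycle hook that launches a loader, and a systemd user unit with Restart=always that execs from a non-system path) can be triaged with a short script. The one below is an added example, not code from the article or from the CanisterWorm campaign; the package names, unit file contents and paths in `build_demo` are constructed fixtures, and the "trusted exec prefix" heuristic is an assumption of this example, not a published indicator.

```python
"""Triage helpers for the two indicators described above: npm packages with
install-time lifecycle scripts, and systemd *user* units that restart forever
while running something outside the system binary directories.
Added example; fixture data is constructed, not taken from the campaign."""
import json
import tempfile
from configparser import ConfigParser, Error as ConfigError
from pathlib import Path

LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall")
# Heuristic (assumption of this example): a user unit that execs from one of
# these prefixes is usually a packaged tool; anything else deserves a look.
TRUSTED_EXEC_PREFIXES = ("/usr/bin/", "/usr/lib/", "/usr/libexec/", "/bin/", "/usr/sbin/")


def find_lifecycle_scripts(root):
    """Return [(package_name, hook, command)] for every package.json under root
    that declares a preinstall/install/postinstall script."""
    hits = []
    for pj in sorted(Path(root).rglob("package.json")):
        try:
            data = json.loads(pj.read_text(encoding="utf-8"))
        except (ValueError, OSError):
            continue  # unreadable or not JSON; skip rather than crash the sweep
        if not isinstance(data, dict):
            continue
        scripts = data.get("scripts") or {}
        for hook in LIFECYCLE_HOOKS:
            if hook in scripts:
                hits.append((data.get("name", pj.parent.name), hook, scripts[hook]))
    return hits


def suspicious_user_units(unit_dir):
    """Return [(unit_file, ExecStart)] for *.service files with Restart=always
    whose ExecStart binary is not under a trusted prefix."""
    hits = []
    for unit in sorted(Path(unit_dir).glob("*.service")):
        cp = ConfigParser(strict=False, interpolation=None)  # systemd allows repeated keys and '%' specifiers
        cp.optionxform = str  # systemd keys are case-sensitive
        try:
            cp.read_string(unit.read_text(encoding="utf-8"))
        except (ConfigError, OSError):
            continue
        if not cp.has_section("Service"):
            continue
        svc = cp["Service"]
        exec_start = svc.get("ExecStart", "").strip()
        restart = svc.get("Restart", "").strip()
        # Strip systemd's ExecStart prefix characters (-, @, :, +, !) before checking the path.
        binary = exec_start.split()[0].lstrip("-@:+!") if exec_start else ""
        if restart == "always" and not binary.startswith(TRUSTED_EXEC_PREFIXES):
            hits.append((unit.name, exec_start))
    return hits


def build_demo(root):
    """Constructed fixture: one clean package, one with a postinstall loader,
    one benign user unit and one 'pgmon' unit that restarts forever from $HOME."""
    root = Path(root)
    nm = root / "node_modules"
    (nm / "clean-lib").mkdir(parents=True)
    (nm / "clean-lib" / "package.json").write_text(json.dumps(
        {"name": "clean-lib", "version": "1.0.0", "scripts": {"test": "node test.js"}}))
    (nm / "loader-pkg").mkdir(parents=True)
    (nm / "loader-pkg" / "package.json").write_text(json.dumps(
        {"name": "loader-pkg", "version": "0.0.1", "scripts": {"postinstall": "node loader.js"}}))
    units = root / ".config" / "systemd" / "user"
    units.mkdir(parents=True)
    (units / "pgmon.service").write_text(
        "[Unit]\nDescription=PostgreSQL monitor\n\n[Service]\n"
        "ExecStart=/home/dev/.local/share/pgmon/pgmon.py\nRestart=always\n\n"
        "[Install]\nWantedBy=default.target\n")
    (units / "syncthing.service").write_text(
        "[Unit]\nDescription=Syncthing\n\n[Service]\n"
        "ExecStart=/usr/bin/syncthing serve\nRestart=on-failure\n\n"
        "[Install]\nWantedBy=default.target\n")
    return nm, units


def demo():
    """Run both checks over the constructed fixture and return their findings."""
    with tempfile.TemporaryDirectory() as d:
        nm, units = build_demo(d)
        return find_lifecycle_scripts(nm), suspicious_user_units(units)


if __name__ == "__main__":
    scripts, units = demo()
    for name, hook, cmd in scripts:
        print(f"lifecycle script: {name} {hook}: {cmd}")
    for unit, exec_start in units:
        print(f"suspicious user unit: {unit} -> {exec_start}")
```

On a real host, point `find_lifecycle_scripts` at a project's `node_modules` and `suspicious_user_units` at `~/.config/systemd/user`; a lifecycle script is not proof of compromise, so the output is a review list, not a verdict.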
Read More: https://thehackernews.com/2026/03/trivy-supply-chain-attack-triggers-self.html