
Self-propagating CanisterWorm leverages ICP canisters and npm packages for decentralized supply chain compromise

1 unique source, 1 article

Summary


A previously undocumented self-spreading supply chain worm, dubbed CanisterWorm, is propagating across 47 npm packages via compromised developer accounts, using Internet Computer Protocol (ICP) canisters for decentralized command and control (C2). The malware uses postinstall hooks to deploy Python backdoors that retrieve C2 URLs from tamper-proof ICP canisters, giving the operators resilient, updatable payload delivery and persistent system compromise. Initial attacks propagated manually using stolen npm tokens, but a subsequent variant in @teale.io/eslint-config automatically harvests tokens and self-propagates without user interaction, escalating the threat to a fully automated supply chain worm. The ICP canister infrastructure supports dynamic C2 URL updates, enabling rapid retooling of the attack chain, including a dormant state triggered by YouTube links. The affected packages include 28 in the @EmilGroup scope, 16 in @opengov, plus @teale.io/eslint-config, @airtm/uuid-base32, and @pypestream/floating-ui-dom, with persistence achieved via masqueraded systemd services. The operation is attributed to the cloud-focused cybercriminal group TeamPCP, following an earlier compromise of Trivy scanner releases via stolen credentials.
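A lockfile check for the packages the summary names, as an added example that is not code from the page's source: it reads a package-lock.json (lockfileVersion 2 or 3 layout), reports the named packages and the two @teale.io/eslint-config versions given in the timeline, queues anything from the two partially affected scopes for review, and notes packages carrying npm's hasInstallScript flag, since a postinstall hook is the worm's entry point. The lock content below is constructed sample data.

```python
import json

# Indicators from this page: named packages and, for @teale.io/eslint-config,
# the two affected versions. None means the page gives no version, so any
# installed version is reported.
AFFECTED = {
    "@teale.io/eslint-config": {"1.8.11", "1.8.12"},
    "@airtm/uuid-base32": None,
    "@pypestream/floating-ui-dom": None,
}
# Scopes the page counts as partially compromised (28 and 16 packages) without
# naming them: anything installed from these scopes is queued for review.
REVIEW_SCOPES = ("@emilgroup/", "@opengov/")

# Constructed package-lock.json in the lockfileVersion 3 layout (sample data).
SAMPLE_LOCK = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app"},
        "node_modules/@teale.io/eslint-config": {"version": "1.8.12"},
        "node_modules/@opengov/some-lib": {"version": "2.0.0"},
        "node_modules/native-thing": {"version": "1.0.0", "hasInstallScript": True},
        "node_modules/lodash": {"version": "4.17.21"},
    },
})


def check_lock(lock_text: str) -> dict[str, tuple[str, str]]:
    """Map package name -> (installed version, verdict) for entries worth attention."""
    lock = json.loads(lock_text)
    hits = {}
    for path, meta in lock.get("packages", {}).items():
        if "node_modules/" not in path:
            continue  # the root project entry ""
        name = path.rsplit("node_modules/", 1)[1]  # handles nested node_modules
        version = meta.get("version", "?")
        if name in AFFECTED:
            wanted = AFFECTED[name]
            if wanted is None or version in wanted:
                hits[name] = (version, "affected: listed in the CanisterWorm campaign")
        elif name.lower().startswith(REVIEW_SCOPES):
            hits[name] = (version, "review: scope partially compromised, package not named")
        elif meta.get("hasInstallScript"):
            # Install hooks are how the worm's postinstall stage runs; not
            # malicious by themselves, but worth knowing about.
            hits[name] = (version, "info: has an install script")
    return hits


if __name__ == "__main__":
    for name, (version, verdict) in check_lock(SAMPLE_LOCK).items():
        print(f"{name}@{version}: {verdict}")
```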

Timeline

  1. 21.03.2026 09:28 · 1 article

    CanisterWorm escalates from manual npm package compromise to fully automated self-propagating supply chain worm via ICP canisters

    Analysis of CanisterWorm reveals a two-stage evolution in attack methodology: an initial wave of 47 compromised npm packages leveraging postinstall hooks for manual propagation, followed by an automated variant in @teale.io/eslint-config (versions 1.8.11–1.8.12) that harvests npm tokens and self-replicates without user intervention. The ICP canister-based C2 infrastructure enables dynamic payload updates and resilient, decentralized command and control, with a dormant state triggered by YouTube links. Persistence is achieved via masqueraded systemd services, and the threat is attributed to TeamPCP, which previously compromised Trivy scanner releases.


Information Snippets

  • The CanisterWorm malware uses ICP canisters—decentralized, tamper-proof smart contracts on the Internet Computer blockchain—as a dead-drop resolver to fetch C2 server URLs, marking the first documented abuse of this infrastructure for malicious purposes.

    First reported: 21.03.2026 09:28
    1 source, 1 article
  • Persistence is established through a masqueraded systemd user service configured with Restart=always, which automatically relaunches a Python backdoor every 5 seconds if terminated, disguised as PostgreSQL tooling under the name pgmon.

    First reported: 21.03.2026 09:28
    1 source, 1 article
  • The Python backdoor contacts the ICP canister every 50 minutes using a spoofed browser User-Agent to retrieve a plaintext C2 URL; a dormant state is triggered when the URL points to youtube[.]com, while active payloads are delivered on other URLs.

    First reported: 21.03.2026 09:28
    1 source, 1 article
  • The ICP canister supports three methods—get_latest_link, http_request, and update_link—allowing dynamic modification of C2 behavior, including the ability to push new binaries to all infected hosts without altering the implant code.

    First reported: 21.03.2026 09:28
    1 source, 1 article
  • The initial attack chain involved malicious npm packages with postinstall hooks that dropped loaders and Python backdoors, while a second variant in @teale.io/eslint-config (versions 1.8.11 and 1.8.12) incorporated automated npm token harvesting and self-propagation via a findNpmTokens() function in index.js, eliminating the need for manual token-based propagation.

    First reported: 21.03.2026 09:28
    1 source, 1 article
  • The worm’s automated propagation mechanism allows it to harvest npm authentication tokens from the victim’s environment during the postinstall phase and spawn deploy.js as a detached background process to push malicious versions of packages to the registry without user interaction.

    First reported: 21.03.2026 09:28
    1 source, 1 article
  • The ICP canister infrastructure has been observed serving a rickroll YouTube video as the current C2 payload, indicating a likely test phase prior to full deployment of malicious binaries.

    First reported: 21.03.2026 09:28
    1 source, 1 article
  • The threat actor behind the campaign is attributed to TeamPCP, a cloud-focused cybercriminal group, which previously compromised Trivy scanner releases (trivy, trivy-action, and setup-trivy) via stolen credentials to deploy a credential stealer.

    First reported: 21.03.2026 09:28
    1 source, 1 article
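A host check for the persistence mechanism in the snippets above (a masqueraded systemd user service with Restart=always relaunching a Python implant), as an added example rather than anything recovered from the campaign: it parses systemd user units and scores the traits that separate the pgmon service from genuine PostgreSQL tooling. The sample unit, its paths and its description are constructed.

```python
import configparser
import re
from pathlib import Path

# Constructed unit file modelled on the "pgmon" service described above.
# The paths and description text are hypothetical, not recovered indicators.
SAMPLE_UNIT = """[Unit]
Description=PostgreSQL monitoring helper

[Service]
ExecStart=/usr/bin/python3 /home/user/.local/share/pgmon/pgmon.py
Restart=always
RestartSec=5

[Install]
WantedBy=default.target
"""

# A unit claiming to be database tooling should not be a bare script interpreter.
INTERPRETERS = re.compile(r"\b(python[0-9.]*|node|perl|bash|sh)\b")
USER_PATHS = re.compile(r"(\$HOME|/home/|/tmp/|\.local/|\.config/)")


def score_unit(text: str, name: str = "unit") -> list[str]:
    """Return the reasons a user-level unit looks like a masqueraded implant."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",), allow_no_value=True)
    cp.read_string(text)
    svc = cp["Service"] if cp.has_section("Service") else {}
    execstart = svc.get("ExecStart", "") or ""
    reasons = []
    if INTERPRETERS.search(execstart):
        reasons.append(f"{name}: ExecStart launches a script interpreter ({execstart})")
    if (svc.get("Restart", "no") or "no").lower() == "always":
        reasons.append(f"{name}: Restart=always, RestartSec={svc.get('RestartSec', 'default')}")
    if USER_PATHS.search(execstart):
        reasons.append(f"{name}: ExecStart points into a user-writable location")
    return reasons


def scan_user_units(unit_dir: Path) -> dict[str, list[str]]:
    return {u.name: r for u in sorted(unit_dir.glob("*.service"))
            if (r := score_unit(u.read_text(errors="replace"), u.name))}


if __name__ == "__main__":
    print("\n".join(score_unit(SAMPLE_UNIT, "pgmon.service")))
    for d in (Path.home() / ".config/systemd/user", Path.home() / ".local/share/systemd/user"):
        if d.is_dir():
            print("\n".join(r for rs in scan_user_units(d).values() for r in rs))
```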