CanisterWorm is a self-spreading npm worm discovered on March 20, 2026 and attributed to the threat actor group TeamPCP. It originated from stolen npm tokens harvested via a compromised Trivy GitHub Actions workflow. Once a developer installs an infected package, a postinstall hook steals the developer's npm tokens, installs a persistent Python backdoor as a systemd service (Linux only), and automatically republishes the worm to every package the stolen token has publish rights to. The C2 infrastructure runs on the Internet Computer Protocol (ICP), a decentralized blockchain, which makes it resistant to conventional takedowns. Over 50 npm packages across multiple organizations were affected. Detection involves checking for a 'pgmon' systemd service and its associated files; remediation requires stopping and disabling the service, removing the files, and rotating all npm credentials. Rotate the credentials only after the backdoor is gone, otherwise the fresh tokens are exposed to the same theft.
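The triage helper below is an added example, not code from the original write-up or from the CanisterWorm analysis it summarizes. It takes only the unit name 'pgmon' from the page; the sample `systemctl` output and unit file are constructed for illustration, and the script path and unit path on a real host must be read from the unit's own ExecStart line and FragmentPath rather than assumed. The functions parse text on stdin so they can be exercised offline; `triage_host` wires them to live `systemctl` calls and prints a remediation plan for the operator to review before running it.

```shell
#!/bin/sh
# Added example: find a 'pgmon' systemd unit, recover the script it launches,
# and print the stop / disable / remove steps. Nothing here deletes anything.

# Print unit names matching the pattern from `systemctl list-unit-files`
# output supplied on stdin (first column is the unit name).
find_suspect_units() {
    awk -v pat="$1" '$1 ~ pat { print $1 }'
}

# Given a unit file on stdin, return the script argument from the first
# ExecStart= line (the second token), or the program itself if it has no
# argument, so the operator knows which file the backdoor runs.
unit_exec_script() {
    sed -n 's/^ExecStart=//p' | head -n 1 |
    awk '{ if ($2 != "") print $2; else print $1 }'
}

# Emit the remediation sequence from the page (stop, disable, remove files)
# as commands to review, followed by the reminder to rotate npm tokens last.
remediation_plan() {
    unit="$1"; unit_path="$2"; script_path="$3"
    printf 'systemctl stop %s\n' "$unit"
    printf 'systemctl disable %s\n' "$unit"
    printf 'rm -f %s\n' "$unit_path"
    printf 'rm -rf %s\n' "$(dirname "$script_path")"
    printf 'systemctl daemon-reload\n'
    printf '# then: npm token revoke <id> for every token on the host\n'
}

# Constructed sample of `systemctl list-unit-files --type=service` output.
SAMPLE_UNITS='UNIT FILE                  STATE   PRESET
cron.service               enabled enabled
pgmon.service              enabled enabled
ssh.service                enabled enabled'

# Constructed sample unit file; the paths are hypothetical placeholders.
SAMPLE_UNIT_FILE='[Unit]
Description=pgmon

[Service]
ExecStart=/usr/bin/python3 /tmp/.pgmon/pgmon.py
Restart=always

[Install]
WantedBy=multi-user.target'

# Live triage on a Linux host (requires systemd). For each matching unit,
# resolve its unit file, extract the launched script, and print the plan.
triage_host() {
    systemctl list-unit-files --type=service 2>/dev/null |
    find_suspect_units '^pgmon' |
    while read -r unit; do
        unit_path=$(systemctl show -p FragmentPath --value "$unit")
        script_path=$(unit_exec_script < "$unit_path")
        echo "== $unit ($unit_path) launches $script_path"
        remediation_plan "$unit" "$unit_path" "$script_path"
    done
}

# Run the live triage only when explicitly asked; otherwise the functions
# above can be sourced and driven with captured output.
if [ "${1:-}" = "--live" ]; then
    triage_host
fi
```

Run it as `sh triage.sh --live` on a suspect host. The matcher is anchored on `^pgmon` because the page names only that unit; widen the pattern if later indicators name other units, and always confirm the ExecStart target before removing a directory.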
Table of contents

Background: How TeamPCP Got the Keys
Technical Analysis of the CanisterWorm
Impact Analysis
Indicators of Compromise
Detection and Remediation
Attribution
Conclusion