Development houses: It's time to check your networks for infections.

Ars Technica is known for its  coverage of technology-related news and analysis, ranging from scientific breakthroughs to the latest gadgets and gaming developments. Readers can learn about emerging technologies, industry trends, and the societal impact of technological advancements through detailed articles and reviews.

Ars Technica

A hacking group called TeamPCP is running a persistent campaign deploying self-propagating malware that targets open source software ecosystems. After compromising the Trivy vulnerability scanner via Aqua Security's GitHub account, the group spread a worm through npm that infected 28 packages in under 60 seconds by stealing npm access tokens from compromised machines and publishing malicious package versions. The worm uses an Internet Computer Protocol-based smart contract canister as a tamper-proof command-and-control mechanism, making it resilient to takedowns. Notably, the malware also includes a data wiper targeting Iran-based machines. The group is known for large-scale automation and has been active since December, building proxy and scanning infrastructure for ransomware, extortion, and cryptomining.

Self-propagating malware poisons open source software and wipes Iran-based machines