A threat actor known as TeamPCP deployed a self-propagating npm worm called CanisterWorm across more than 46 packages, following its earlier compromise of the Trivy security scanner. The attack uses a three-stage architecture: a Node.js postinstall hook drops a Python backdoor, which persists via a user-level systemd service and polls an Internet Computer Protocol (ICP) canister, used as a censorship-resistant C2 dead drop, for dynamically delivered payloads. Within hours the worm evolved from a manually triggered tool into a fully self-propagating implant that harvests npm tokens from .npmrc files, environment variables and npm config, then automatically republishes itself to every package the stolen tokens can access. Its evasion techniques include a 5-minute sleep to outlast sandboxes, PostgreSQL-themed file naming, silent failure via try/catch, and preserving the package README to avoid detection. SHA256 hashes and filesystem indicators of compromise are provided.
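As an added example (not code from the Aikido write-up or from the worm itself), the Python script below turns the behaviours described above into a pre-install audit: it lists the lifecycle hooks in a package's package.json that npm runs at install time, folds in any local script those hooks invoke, flags traits the chain relies on (a long sleep before acting, spawning a Python stage, user-level systemd persistence, reading .npmrc or npm token variables, empty catch blocks, PostgreSQL-themed names), and reports where a token would be harvested from on the host, with the value redacted. The sample package, hook script and credentials are constructed for the demo, and the regexes are this example's own heuristics, not detections published in the post.

```python
# Added example, not code from the Aikido post or from CanisterWorm: a
# pre-install audit built from the behaviours the write-up describes.
# The sample package, hook script and credentials are constructed for
# the demo; the regexes are this example's own heuristics (assumptions).
import json
import re
from pathlib import Path

# npm runs these lifecycle scripts without prompting during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# A literal delay >= 60 units after sleep/setTimeout (300 s in shell,
# 300000 ms in Node) is the "wait out the sandbox" trait.
DELAY = re.compile(r"(?:\bsleep\b|setTimeout)[^\n]*?\b(\d{2,})\b")

# Remaining traits of the three-stage chain; tuple order is report order.
TRAITS = (
    (re.compile(r"\bpython3?\b"), "drops or runs a python stage"),
    (re.compile(r"systemd/user|systemctl\s+--user"), "user-level systemd persistence"),
    (re.compile(r"\.npmrc|_authToken|NPM_TOKEN|npm config get"), "reads npm credentials"),
    (re.compile(r"\bcatch\s*\(\s*\w*\s*\)\s*\{\s*\}"), "swallows errors silently"),
    (re.compile(r"postgres|pgsql", re.I), "PostgreSQL-themed naming"),
)
SCRIPT_EXT = {".js", ".cjs", ".mjs", ".sh", ".py"}


def match_traits(text):
    """Return the trait labels present in a hook command plus its script body."""
    hits = []
    m = DELAY.search(text)
    if m and int(m.group(1)) >= 60:
        hits.append(f"delays {m.group(1)} before acting (sandbox evasion)")
    hits.extend(label for rx, label in TRAITS if rx.search(text))
    return hits


def audit_package(pkg_dir):
    """Map each install-time hook in package.json to its command and traits."""
    pkg_dir = Path(pkg_dir)
    scripts = json.loads((pkg_dir / "package.json").read_text()).get("scripts", {})
    report = {}
    for hook in INSTALL_HOOKS:
        cmd = scripts.get(hook)
        if cmd is None:
            continue
        text = cmd
        # Hooks are usually just `node setup.js`; the interesting code lives
        # in that file, so fold any local script the command names into the scan.
        for tok in cmd.split():
            path = pkg_dir / tok.lstrip("./")
            if path.suffix in SCRIPT_EXT and path.is_file():
                text += "\n" + path.read_text(errors="replace")
        report[hook] = {"command": cmd, "traits": match_traits(text)}
    return report


TOKEN_LINE = re.compile(r"^(?P<key>[^=\s]*_authToken)\s*=\s*(?P<val>\S+)", re.M)


def redact(secret):
    return secret[:6] + "..." if len(secret) > 6 else "***"


def token_exposure(npmrc_text, env):
    """List where an npm token would be harvested from: .npmrc lines and
    environment variables (NPM_TOKEN, npm_config_*auth*). Values are redacted."""
    found = [("~/.npmrc", m.group("key"), redact(m.group("val")))
             for m in TOKEN_LINE.finditer(npmrc_text)]
    for key, val in env.items():
        k = key.lower()
        if val and (("npm" in k and "token" in k) or (k.startswith("npm_config_") and "auth" in k)):
            found.append(("env", key, redact(val)))
    return found


def build_demo(tmp):
    """Constructed package whose postinstall shows several traits (made up)."""
    pkg = Path(tmp) / "demo-pkg"
    pkg.mkdir(parents=True, exist_ok=True)
    (pkg / "package.json").write_text(json.dumps({
        "name": "demo-pkg", "version": "1.0.0",
        "scripts": {"postinstall": "node setup.js", "test": "jest"}}))
    (pkg / "setup.js").write_text(
        "(async () => {\n"
        "  try {\n"
        "    await new Promise(r => setTimeout(r, 300000));\n"
        "    const fs = require('fs');\n"
        "    const rc = fs.readFileSync(process.env.HOME + '/.npmrc', 'utf8');\n"
        "    require('child_process').execSync('python3 ~/.local/postgres_helper.py');\n"
        "  } catch (e) {}\n"
        "})();\n")
    return pkg


def run_demo():
    """Audit the constructed package from a temp dir and return the report."""
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        return audit_package(build_demo(d))


# Constructed credentials for the token-exposure demo (not real tokens).
SAMPLE_NPMRC = ("registry=https://registry.npmjs.org/\n"
                "//registry.npmjs.org/:_authToken=npm_EXAMPLE0000000000\n")
SAMPLE_ENV = {"HOME": "/home/dev", "NPM_TOKEN": "npm_ENVEXAMPLE"}

if __name__ == "__main__":
    for hook, f in run_demo().items():
        print(f"{hook}: {f['command']!r}")
        for t in f["traits"]:
            print("  -", t)
    for src, key, val in token_exposure(SAMPLE_NPMRC, SAMPLE_ENV):
        print(f"{src}: {key} = {val}")
```

Run it on a freshly downloaded package directory (`npm pack`, then extract) before installing, or install with `npm install --ignore-scripts` and only enable scripts for packages you have reviewed. Because the worm spreads with whatever a stolen token can publish, a hit on "reads npm credentials" in any install hook is reason enough to rotate that token before investigating further.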

16 min read. From aikido.dev
Table of contents
- Technical Breakdown
- Payload - Malware
- Payload - Python Backdoor
- Payload - Worm
- Update: CanisterWorm Learns to Self-Propagate
- Message in source code
- Indicators of Compromise
