Mar 21 / Latest News

Decentralized CanisterWorm Exploits Internet Computer Protocol in Massive npm Supply Chain Attack

A sophisticated and resilient cyberattack is currently rippling through the JavaScript ecosystem as threat actors deploy "CanisterWorm," a self-propagating malware targeting the npm registry.

This development follows a high-profile compromise of the popular Trivy scanner and marks the first documented instance of a threat group utilizing the Internet Computer Protocol (ICP) blockchain as a decentralized command-and-control (C2) mechanism. According to security researcher Charlie Eriksen of Aikido Security, the attack is linked to a cloud-focused cybercriminal group known as TeamPCP. The infection began when attackers leveraged compromised credentials to publish malicious versions of Trivy tools. Since then, the operation has expanded to include dozens of npm packages across the @EmilGroup and @opengov scopes, as well as individual packages like @teale.io/eslint-config.

The technical core of CanisterWorm is its use of an ICP "canister"—a tamper-proof smart contract—acting as a dead-drop resolver. By storing the URL for the next-stage payload on the blockchain, the attackers have created an infrastructure that is nearly impossible to take down. The malware, dropped via a Python backdoor, polls this canister every 50 minutes. The controller can remotely "arm" or "disarm" the infection by swapping the URL within the canister. Currently, the system is in a dormant state, directing infected hosts to a YouTube "rickroll" video, but it remains ready to deliver a malicious binary at a moment's notice.

The worm establishes persistence on Linux systems by masquerading as a PostgreSQL tool named "pgmon" via a systemd service. While initial versions required manual execution by the attackers using stolen tokens, a new, more dangerous variant has been identified. This version automates the propagation process by scanning victim environments for npm authentication tokens during the installation phase. Once a token is found, the malware automatically pushes malicious updates to every package the victim has permission to modify.
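As an added defender-side illustration (not code from the article, from Aikido Security, or from any of the packages named), here are two heuristic checks derived from the behaviour described above: one over a package.json for install-phase lifecycle scripts that spawn an interpreter or downloader, and one over a systemd unit that presents itself as PostgreSQL tooling but runs a script. The sample package.json and unit file are constructed; the page gives only the "pgmon" name, so the unit contents and the ExecStart heuristic are assumptions.

```python
import json
import re

# npm lifecycle hooks that run automatically during `npm install`; the article
# says the worm hunts for npm auth tokens during this phase.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Interpreters and downloaders a plain JavaScript library rarely needs at install time.
SUSPICIOUS_CMD = re.compile(r"\b(python3?|curl|wget|bash|sh)\b")

# Constructed sample package.json (not taken from any real affected package).
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "example-pkg",
    "scripts": {
        "build": "tsc -p .",
        "postinstall": "python3 ./scripts/setup.py",
    },
})

# Constructed sample systemd unit; the real worm's unit contents are not on the page.
SAMPLE_UNIT = """[Unit]
Description=PostgreSQL monitor
[Service]
ExecStart=/usr/bin/python3 /usr/local/lib/pgmon/pgmon.py
[Install]
WantedBy=multi-user.target
"""


def suspicious_install_scripts(package_json_text):
    """Return install-phase scripts whose command calls an interpreter or downloader."""
    scripts = json.loads(package_json_text).get("scripts", {})
    return {name: cmd for name, cmd in scripts.items()
            if name in INSTALL_HOOKS and SUSPICIOUS_CMD.search(cmd)}


def unit_findings(unit_name, unit_text):
    """Flag a systemd unit that presents as PostgreSQL tooling but runs a script."""
    findings = []
    if "pgmon" in unit_name.lower():
        findings.append("unit name matches the 'pgmon' name reported for the worm")
    exec_line = next((l for l in unit_text.splitlines() if l.startswith("ExecStart=")), "")
    claims_pg = re.search(r"postgres|pgmon", unit_text, re.I)
    if claims_pg and re.search(r"python|/tmp/|\.sh\b", exec_line):
        findings.append("claims to be PostgreSQL but ExecStart runs a script: " + exec_line)
    return findings


if __name__ == "__main__":
    print(suspicious_install_scripts(SAMPLE_PACKAGE_JSON))
    print(unit_findings("pgmon.service", SAMPLE_UNIT))
```

Both checks are noisy by design and are meant as triage input, not as a verdict on their own.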

This transition into a fully autonomous worm turns every compromised developer or CI/CD pipeline into a fresh propagation vector. Security experts warn that the decentralized nature of the C2, combined with the "vibe-coded" AI-assisted efficiency of the worm, represents a significant escalation in supply chain methodology, as the infection chain can now scale exponentially without direct attacker intervention.