Self-propagating malware poisons open source software and wipes Iran-based machines
A worm using tamper-proof ICP smart contracts compromised 28 npm packages in under 60 seconds.
Security researchers from Aikido and Flare have exposed a sophisticated, persistent campaign by the hacking group TeamPCP. The group deployed a never-before-seen, worm-enabled backdoor dubbed 'CanisterWorm' that automates large-scale attacks. In a critical supply-chain compromise, TeamPCP gained privileged access to Aqua Security's GitHub account, poisoning virtually all versions of the widely used Trivy vulnerability scanner. The malware's core mechanism is its relentless propagation: upon infection, it hunts for npm access tokens and automatically publishes malicious versions of any packages it can access, turning developers and CI/CD pipelines into unwitting propagation vectors. Aikido observed it targeting 28 packages in less than 60 seconds.
What makes CanisterWorm particularly resilient is its command-and-control infrastructure. Instead of traditional servers, it uses an Internet Computer Protocol (ICP)-based canister—a form of self-enforcing smart contract designed to be tamper-proof and impossible for third parties to take down. This canister pointed infected machines to ever-changing URLs for malicious binaries. Machines checked in every 50 minutes, allowing attackers to dynamically update the worm's payload. Over the weekend, a new 'Kamikaze' wiper module was added, which activates exclusively for machines in Iran, performing destructive actions like `rm -rf /` or deploying wiping DaemonSets on Kubernetes clusters. This targeted geopolitical sabotage represents a curious shift for TeamPCP, whose previous activities were financially motivated through ransomware and cryptomining.
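The fixed 50-minute check-in described above is itself a detection opportunity. The following Python script is an added example, not code from the article or from the Aikido/Flare research: it flags source/destination pairs in an egress log whose request gaps cluster around one period. The log format, hostnames and timestamps are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample egress log: "<timestamp> <source host> <destination host>".
# Hostnames are placeholders, not indicators from the report.
SAMPLE_LOG = """\
2024-01-01T00:00:00Z build-runner-07 updates.example-cdn.test
2024-01-01T00:50:03Z build-runner-07 updates.example-cdn.test
2024-01-01T01:40:01Z build-runner-07 updates.example-cdn.test
2024-01-01T02:30:05Z build-runner-07 updates.example-cdn.test
2024-01-01T03:20:02Z build-runner-07 updates.example-cdn.test
2024-01-01T00:03:00Z dev-laptop-12 registry.npmjs.org
2024-01-01T00:09:30Z dev-laptop-12 registry.npmjs.org
2024-01-01T01:47:00Z dev-laptop-12 registry.npmjs.org
2024-01-01T02:01:00Z dev-laptop-12 registry.npmjs.org
"""


def parse_log(text):
    """Group request timestamps by (source, destination) pair."""
    series = defaultdict(list)
    for line in text.splitlines():
        ts, src, dst = line.split()
        series[(src, dst)].append(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"))
    return series


def find_periodic_beacons(text, period=timedelta(minutes=50),
                          tolerance=0.05, min_hits=4):
    """Return (src, dst) pairs whose gaps all fall within `tolerance`
    (relative jitter, 5% of 50 min = 2.5 min) of `period`.
    Pairs with fewer than `min_hits` requests are ignored to limit noise."""
    flagged = []
    target = period.total_seconds()
    for key, stamps in parse_log(text).items():
        stamps.sort()
        if len(stamps) < min_hits:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if all(abs(g - target) <= tolerance * target for g in gaps):
            flagged.append(key)
    return flagged


if __name__ == "__main__":
    for src, dst in find_periodic_beacons(SAMPLE_LOG):
        print(f"periodic beacon: {src} -> {dst}")
```

Run it against real proxy or DNS logs (one line per request in the same three-field layout) and review the flagged pairs by hand; a regular cadence alone is only a lead, since legitimate pollers show the same pattern.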
- Supply-chain attack via Aqua Security's GitHub compromised all versions of the Trivy vulnerability scanner, a critical DevOps tool.
- The worm uses tamper-proof ICP canisters for resilient command-and-control, with infected machines reporting every 50 minutes.
- A unique 'Kamikaze' payload performs data wiping exclusively on machines detected in Iran, a shift to potential geopolitical sabotage.
Why It Matters
This attack demonstrates a dangerous evolution in automated supply-chain threats that can poison open-source ecosystems and target specific nations.