Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

Another npm Supply Chain Worm Tore Through Dev Environments


Another npm supply chain worm has been discovered, compromising multiple packages tied to an agentic AI company. The malware exfiltrates sensitive data and injects additional payloads into compromised packages, highlighting the ongoing threat of compromised software supply chains.

  • A recent incident dubbed "CanisterWorm" targets specific npm packages tied to an agentic AI company, highlighting the ongoing threat posed by compromised software supply chains.
  • The malware strain is designed with specialized developer workflows in mind, striking at the heart of application security.
  • The malicious payload exfiltrates sensitive data and injects additional payloads into already compromised packages.
  • Similarities between this incident and a previous CanisterWorm infection attributed to TeamPCP highlight the ongoing threat posed by compromised software supply chains.
  • The malware contains logic to extract npm tokens, identify packages that could be published, and inject new payloads into those packages for further propagation.



    A recent development in the realm of cybersecurity has highlighted the ongoing threat posed by compromised software supply chains. The latest incident, dubbed "CanisterWorm," targets specific npm packages tied to Namastex Labs, an agentic AI company. This self-propagating malware strain appears to be designed with specialized developer workflows in mind, striking at the heart of application security.

    According to reports from Socket and StepSecurity, a malicious payload was discovered embedded within compromised npm packages linked to @automagik/genie@4.260421.33 through 4.260421.39, pgserve@1.1.11 through 1.1.13, @fairwords/websocket@1.0.38 and 1.0.39, @fairwords/loopback-connector-es@1.4.3 and 1.4.4, @openwebconcept/design-tokens@1.0.3, and @openwebconcept/theme-owc@1.0.3. The malicious code is designed to not only exfiltrate sensitive data but also inject additional payloads into the already compromised packages.
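The affected versions above can be checked mechanically. The following is an added example, not code from the article or from Socket or StepSecurity: it reads an npm package-lock.json (lockfileVersion 2 or 3, where entries are keyed by install path) and flags any installed package, including ones nested under other dependencies, that is pinned to one of the listed compromised releases. The sample lockfile is constructed for the demonstration.

```javascript
// Added example (not the article's or the researchers' code): flag entries in an
// npm package-lock.json (lockfileVersion 2 or 3) pinned to a compromised release.
const COMPROMISED = {                       // versions exactly as named in the report
  "@automagik/genie": ["4.260421.33", "4.260421.34", "4.260421.35", "4.260421.36",
                       "4.260421.37", "4.260421.38", "4.260421.39"],
  "pgserve": ["1.1.11", "1.1.12", "1.1.13"],
  "@fairwords/websocket": ["1.0.38", "1.0.39"],
  "@fairwords/loopback-connector-es": ["1.4.3", "1.4.4"],
  "@openwebconcept/design-tokens": ["1.0.3"],
  "@openwebconcept/theme-owc": ["1.0.3"],
};

// Lockfile keys are install paths: "node_modules/a/node_modules/@s/b" -> "@s/b".
// The root project entry "" has no node_modules segment and yields null.
function packageNameFromPath(p) {
  const marker = "node_modules/";
  const idx = p.lastIndexOf(marker);
  return idx === -1 ? null : p.slice(idx + marker.length);
}

// Returns [{ name, version }] for every installed package (including ones nested
// under other dependencies) whose pinned version is in the compromised list.
function findCompromised(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = packageNameFromPath(path);
    if (!name || !meta || !meta.version) continue;
    if ((COMPROMISED[name] || []).includes(meta.version)) {
      hits.push({ name, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile: one clean version, two compromised ones.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "0.0.1" },
    "node_modules/pgserve": { version: "1.1.12" },
    "node_modules/@fairwords/websocket": { version: "1.0.37" },
    "node_modules/x/node_modules/@automagik/genie": { version: "4.260421.39" },
  },
};

if (typeof require !== "undefined" && require.main === module) {
  const fs = require("fs");
  const lock = process.argv[2] ? JSON.parse(fs.readFileSync(process.argv[2], "utf8")) : SAMPLE_LOCK;
  console.log(findCompromised(lock));
}
```

Run with a lockfile path as the first argument to scan a real project; with no argument it scans the constructed sample.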

    This latest incident shares significant overlap with earlier CanisterWorm infections attributed to TeamPCP following a Trivy supply chain attack last month. While Socket's research team did identify some notable differences between the two incidents, they could not conclusively attribute the latest npm package infections to TeamPCP. Nonetheless, the shared similarities in attack techniques and tradecraft highlight the ongoing threat posed by compromised software supply chains.

    The malicious payload collected tokens, credentials, API keys, SSH keys, cloud service data, CI/CD system data, registry credentials, Kubernetes configurations, Docker settings, LLM platform data, and local cryptocurrency wallet files for Solana, Ethereum, Bitcoin, Exodus, and Atomic Wallet. The stolen information was then exfiltrated to both a conventional webhook and an ICP canister endpoint using the hardcoded canister ID cjn37-uyaaa-aaaac-qgnva-cai.

    Furthermore, the malware contained logic to extract npm tokens from developer machines, identify packages that could be published, inject new payloads into those packages, and then republish them. If PyPI credentials were discovered on victims' machines, it employed a similar self-propagation method to upload malicious Python packages as well. This demonstrates that the malicious code is not merely designed to steal data but also crafted to spread further, turning one compromised developer environment into an additional package compromise.

    "In other words, this is not just a credential stealer," Socket warned. "It is designed to turn one compromised developer environment into additional package compromises."

    The CanisterWorm incident underscores the need for improved application security measures and awareness in developer communities. The ongoing threat posed by supply chain vulnerabilities necessitates continued vigilance and proactive steps to safeguard against such incidents.




    Related Information:
  • https://www.ethicalhackingnews.com/articles/Another-npm-Supply-Chain-Worm-Torn-Through-Dev-Environments-ehn.shtml

  • https://go.theregister.com/feed/www.theregister.com/2026/04/22/another_npm_supply_chain_attack/

  • https://www.theregister.com/2026/04/22/another_npm_supply_chain_attack/

  • https://www.bleepingcomputer.com/news/security/new-npm-supply-chain-attack-self-spreads-to-steal-auth-tokens/


  • Published: Wed Apr 22 18:24:26 2026 by llama3.2 3B Q4_K_M
