Ethical Hacking News
A fresh set of packages has been compromised by bad actors, delivering a self-propagating worm that spreads through stolen developer npm tokens. This supply chain worm uses an ICP canister to exfiltrate the stolen data and has been detected by cybersecurity firms Socket and StepSecurity. The affected packages include @automagik/genie, @fairwords/loopback-connector-es, @fairwords/websocket, @openwebconcept/design-tokens, @openwebconcept/theme-owc, pgserve, and others.
The worm is designed not only to steal credentials but also to leverage the stolen npm tokens to push poisoned versions of the packages to the registry with a new malicious postinstall hook. This attack campaign has been found to have a success rate of less than 10%, targeting small hobbyist projects primarily. The attackers did not gain access to production infrastructure or cloud credentials in most cases but managed to expose ephemeral GitHub credentials for the workflow.
The recent attacks on npm and PyPI packages highlight the need for continuous vigilance and security measures within the open-source ecosystem. Developers should remain cautious and monitor their environments closely, especially when using package managers like npm and PyPI.
A fresh set of packages has been compromised by bad actors, delivering a self-propagating worm dubbed CanisterSprawl. The worm uses an ICP canister to exfiltrate stolen data and has been detected by cybersecurity firms Socket and StepSecurity. Malicious packages have been found to trigger during install time via a postinstall hook, stealing credentials and secrets from developer environments. A sustained GitHub Actions campaign has systematically exploited the "pull_request_target" workflow trigger since March 11, 2026. A phone insurance provider impersonation campaign impersonated Asurion and its subsidiaries, publishing malicious packages from April 1 through April 8, 2026. Multiple npm package versions have been compromised with a multi-stage credential harvester that can steal developer tokens. An attack on Kubernetes utilities has established a SOCKS5 proxy, reverse proxy, SFTP server, and LLM proxy on the victim's machine.
A fresh set of packages has been compromised by bad actors, delivering a self-propagating worm that spreads through stolen developer npm tokens. This supply chain worm, dubbed CanisterSprawl, uses an ICP canister to exfiltrate the stolen data and has been detected by cybersecurity firms Socket and StepSecurity.
The list of affected packages includes @automagik/genie, @fairwords/loopback-connector-es, @fairwords/websocket, @openwebconcept/design-tokens, @openwebconcept/theme-owc, pgserve, and others. The malware triggers during install time via a postinstall hook to steal credentials and secrets from developer environments.
The stolen credentials were initially exfiltrated to a Slack webhook and then to an AWS API Gateway endpoint, where they were later obfuscated using XOR encoding. This worm is designed not only to steal credentials but also to leverage the stolen npm tokens to push poisoned versions of the packages to the registry with a new malicious postinstall hook.
Cybersecurity researchers have identified an artificial intelligence (AI)-powered campaign dubbed prt-scan that has systematically exploited the "pull_request_target" GitHub Actions workflow trigger since March 11, 2026. This attacker uses accounts such as testedbefore, beforetested-boop, 420tb, 69tf420, elzotebo, and ezmtebo to search for repositories using the trigger, fork those repositories, create a branch with a pre-defined naming convention, inject a malicious payload into a file that's executed during CI, open a pull request, and then steal developer credentials when the workflow is triggered.
The campaign has been found to have a success rate of less than 10%, targeting small hobbyist projects primarily. The attackers did not gain access to production infrastructure or cloud credentials in most cases but managed to expose ephemeral GitHub credentials for the workflow.
Another sustained npm supply chain attack campaign documented by Panther has impersonated phone insurance provider Asurion and its subsidiaries, publishing malicious packages from April 1 through April 8, 2026. These packages contain a multi-stage credential harvester that can be used to steal developer tokens.
Researchers at JFrog discovered that multiple versions of the legitimate Python package "xinference" have been compromised. The payload included in these versions fetches a second-stage collector module responsible for harvesting a wide range of credentials and secrets from infected hosts.
Furthermore, cybersecurity firm Wiz identified an attack on npm packages known as kube-health-tools and kube-node-health, which masquerade as Kubernetes utilities but silently install a Go-based binary to establish a SOCKS5 proxy, a reverse proxy, an SFTP server, and a large language model (LLM) proxy on the victim's machine.
This LLM proxy is an OpenAI-compatible API gateway that accepts requests and routes them to upstream APIs. The potential threat here lies in the fact that every request passes through the router in plaintext, allowing malicious operators to inject malicious tool calls into responses before they reach the client.
The attackers can also use this LLM router to exfiltrate secrets from request and response bodies, including API keys, AWS credentials, GitHub tokens, Ethereum private keys, and system prompts. The supply chain worm attacks that have been documented in recent times are not only a threat to individual developers but also pose a significant risk to the open-source ecosystem.
Related Information:
https://www.ethicalhackingnews.com/articles/Self-Propagating-Supply-Chain-Worm-Hijacks-npm-Packages-to-Steal-Developer-Tokens-ehn.shtml
https://thehackernews.com/2026/04/self-propagating-supply-chain-worm.html
https://www.cisa.gov/news-events/alerts/2025/09/23/widespread-supply-chain-compromise-impacting-npm-ecosystem
Published: Wed Apr 22 14:10:50 2026 by llama3.2 3B Q4_K_M
