Asurion, npm and GitHub: Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

New Supply Chain Worm Targets npm and PyPI, Stealing Developer Credentials

Cybersecurity researchers from Socket and StepSecurity have uncovered a self-propagating supply chain worm, dubbed CanisterSprawl, that exploits compromised npm packages to steal developer credentials and spread malicious updates. The campaign, active in recent weeks, leverages an ICP (Internet Computer Protocol) canister for data exfiltration, a tactic previously used by TeamPCP to evade takedowns.

Affected Packages

The following npm packages were found to contain malicious postinstall hooks that trigger the worm during installation:

  • @automagik/genie (v4.260421.33–4.260421.40)
  • @fairwords/loopback-connector-es (v1.4.3–1.4.4)
  • @fairwords/websocket (v1.0.38–1.0.39)
  • @openwebconcept/design-tokens (v1.0.1–1.0.3)
  • @openwebconcept/theme-owc (v1.0.1–1.0.3)
  • pgserve (v1.1.11–1.1.14)

Attack Mechanics

Once executed, the malware harvests sensitive data from developer environments, including:

  • npm tokens (used to publish poisoned package versions)
  • SSH keys, .git-credentials, and .netrc files
  • Cloud credentials (AWS, Google Cloud, Azure)
  • Kubernetes, Docker, Terraform, and Vault configurations
  • Local .env files and shell history
  • Browser-stored credentials (Chromium-based browsers)
  • Cryptocurrency wallet extensions

Stolen data is exfiltrated to:

  • An HTTPS webhook (telemetry.api-monitor[.]com)
  • An ICP canister (cjn37-uyaaa-aaaac-qgnva-cai.raw.icp0[.]io)

The worm also includes PyPI propagation logic: when PyPI credentials are present, it generates malicious Python packages and publishes them via Twine, effectively turning one compromised environment into multiple package infections.
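The two mechanisms above, the install-time hook that triggers the worm and the credential files and exfiltration hosts it uses, are both things a defender can check for locally. The following is an added example, not code from the article, from Socket or from StepSecurity: it audits a constructed inventory of installed packages against the advisory's package/version list and flags any package that declares a lifecycle install script, and it scans a constructed script body for the credential file names and exfiltration hosts named above. The directory paths for cloud and Kubernetes credentials (`.aws/credentials`, `.kube/config`, `.docker/config.json`) are assumed conventional locations, not taken from the article.

```javascript
// Added example (not from the article or the researchers' tooling): audit an
// inventory of installed npm packages for (a) the exact package/version ranges
// the advisory lists and (b) lifecycle install scripts, which are the hook the
// worm used to run during `npm install`. It also scans a script's source for
// the credential files and exfiltration hosts named in the advisory.
// The package inventory and script text below are constructed for the demo.

// Affected packages and inclusive version ranges, as listed in the advisory.
const AFFECTED = {
  '@automagik/genie': ['4.260421.33', '4.260421.40'],
  '@fairwords/loopback-connector-es': ['1.4.3', '1.4.4'],
  '@fairwords/websocket': ['1.0.38', '1.0.39'],
  '@openwebconcept/design-tokens': ['1.0.1', '1.0.3'],
  '@openwebconcept/theme-owc': ['1.0.1', '1.0.3'],
  'pgserve': ['1.1.11', '1.1.14'],
};

// npm runs these scripts automatically on install; each one deserves review.
const LIFECYCLE_SCRIPTS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Exfiltration hosts from the advisory (the "[.]" de-fanging restored so they match real strings).
const IOC_HOSTS = ['telemetry.api-monitor.com', 'cjn37-uyaaa-aaaac-qgnva-cai.raw.icp0.io'];

// Credential material the worm harvests. File names are the advisory's; the
// directory paths (.aws/credentials, .kube/config, ...) are assumed conventional locations.
const CREDENTIAL_PATHS = ['.npmrc', '.git-credentials', '.netrc', '.env', 'id_rsa',
  '.aws/credentials', '.kube/config', '.docker/config.json', '.bash_history'];

// Compare dotted numeric versions; no pre-release handling, which is enough for the ranges above.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

function isAffected(name, version) {
  const range = AFFECTED[name];
  if (!range) return false;
  return compareVersions(version, range[0]) >= 0 && compareVersions(version, range[1]) <= 0;
}

// Each entry mimics the package.json read from node_modules/<name>/package.json.
// Returns one finding per package that is on the affected list or declares an
// install-time script; clean packages produce no finding.
function auditPackages(packages) {
  const findings = [];
  for (const pkg of packages) {
    const hooks = LIFECYCLE_SCRIPTS.filter((s) => s in (pkg.scripts || {}));
    const affected = isAffected(pkg.name, pkg.version);
    if (!affected && hooks.length === 0) continue;
    findings.push({
      name: pkg.name,
      version: pkg.version,
      affected,
      hooks,
      risk: affected ? 'critical' : 'review',
    });
  }
  return findings;
}

// Cheap indicator scan over a lifecycle script's source text.
function scanScriptSource(source) {
  return {
    hosts: IOC_HOSTS.filter((h) => source.includes(h)),
    credentialPaths: CREDENTIAL_PATHS.filter((p) => source.includes(p)),
  };
}

// Constructed sample inventory; none of this is real package content.
const SAMPLE_PACKAGES = [
  { name: 'pgserve', version: '1.1.12', scripts: { postinstall: 'node setup.js' } },
  { name: 'pgserve', version: '1.1.10', scripts: {} },
  { name: 'left-pad', version: '1.3.0', scripts: { test: 'node test.js' } },
  { name: 'native-addon-example', version: '2.0.0', scripts: { install: 'node-gyp rebuild' } },
];

// Constructed, inert script text that references two credential files and one IoC host.
const SAMPLE_SCRIPT = [
  "const os = require('os');",
  "const files = ['.npmrc', '.git-credentials'].map((f) => os.homedir() + '/' + f);",
  '// ... collected contents would be POSTed to https://telemetry.api-monitor.com/collect',
].join('\n');

console.log(JSON.stringify(auditPackages(SAMPLE_PACKAGES), null, 2));
console.log(JSON.stringify(scanScriptSource(SAMPLE_SCRIPT), null, 2));
```

A real audit would walk `node_modules` and feed each `package.json` to `auditPackages`. The cheapest mitigation for the hook itself is to stop npm running lifecycle scripts at all (`npm install --ignore-scripts`, or `npm config set ignore-scripts true`) and to re-enable them only for packages that genuinely need a build step.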

Additional Threats in Open-Source Ecosystems

  • Compromised PyPI Package: Versions 2.6.0–2.6.2 of the legitimate xinference package were altered to include a Base64-encoded payload, fetching a second-stage credential harvester. While the payload includes the marker "# hacked by teampcp," the group denied involvement, suggesting a copycat attack.

  • Fake Kubernetes Tools: Malicious npm (kube-health-tools) and PyPI (kube-node-health) packages disguised as Kubernetes utilities deploy a Go-based binary that sets up:

    • A SOCKS5 proxy
    • A reverse proxy
    • An SFTP server
    • An LLM proxy (routing requests to Chinese LLM APIs, enabling secret exfiltration and malicious payload injection).

  • Asurion-Themed npm Attack: Between April 1–8, 2026, threat actors published fake npm packages (sbxapps, asurion-hub-web, soluto-home-web, asurion-core) impersonating Asurion and its subsidiaries. Stolen credentials were first sent to a Slack webhook, then to an AWS API Gateway endpoint, later obfuscated with XOR encoding.

  • GitHub Actions Exploitation: A campaign dubbed prt-scan, active since March 11, 2026, abuses the pull_request_target GitHub Actions trigger to steal secrets. Attackers:

    • Fork repositories using the trigger
    • Inject malicious payloads into CI workflows
    • Open pull requests to trigger credential theft
    • Publish malicious npm packages if tokens are found

    The campaign had a success rate below 10%, and most victims were small projects, though a few exposed cloud credentials and persistent API keys.
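The pull_request_target abuse described above works because that trigger runs a workflow in the base repository's context, with its secrets, even when the pull request comes from a fork; the risk materialises when such a job checks out the pull request's head and runs code from it. The following is an added example, not the article's or the researchers' code: a deliberately simple line-based check that flags that combination in a workflow file, shown against a constructed risky workflow and a constructed hardened one. The regular expressions, the verdict levels and both workflow texts are assumptions made for the demo; a production check would parse the YAML properly.

```javascript
// Added example (not from the article or from Socket/StepSecurity): a small
// line-based check that flags the workflow shape the prt-scan campaign preys
// on. pull_request_target runs in the base repository's context with access to
// its secrets; if such a job checks out the pull request's head and runs code
// from it (including `npm install`, which runs the PR's lifecycle scripts), a
// fork author controls code that runs next to those secrets. Both workflows
// below are constructed for the demo; the rules are deliberately simple and
// not a YAML parser.

const PRT_TRIGGER = /\bpull_request_target\b/;
const HEAD_CHECKOUT = /ref:\s*\$\{\{\s*(github\.event\.pull_request\.head\.(sha|ref)|github\.head_ref)\s*\}\}/;
const SECRET_USE = /\$\{\{\s*secrets\.[A-Za-z0-9_]+\s*\}\}/;
const INSTALL_CMD = /\b(npm (install|ci)|yarn( install)?|pnpm install)\b/;

function assessWorkflow(yamlText) {
  const lines = yamlText.split('\n');
  const usesPRT = PRT_TRIGGER.test(yamlText);
  const checksOutHead = HEAD_CHECKOUT.test(yamlText);
  const usesSecrets = SECRET_USE.test(yamlText);
  // An install step without --ignore-scripts executes the checked-out tree's lifecycle scripts.
  const runsInstallScripts = lines.some(
    (l) => /\brun:/.test(l) && INSTALL_CMD.test(l) && !/--ignore-scripts/.test(l),
  );

  let verdict = 'ok';
  if (usesPRT && checksOutHead) {
    verdict = usesSecrets || runsInstallScripts ? 'high' : 'medium';
  } else if (usesPRT) {
    verdict = 'review';
  }
  return { usesPRT, checksOutHead, usesSecrets, runsInstallScripts, verdict };
}

// Constructed workflow with the risky combination: trigger, head checkout, install, secret.
const RISKY_WORKFLOW = [
  'name: ci',
  'on:',
  '  pull_request_target:',
  '    types: [opened, synchronize]',
  'jobs:',
  '  test:',
  '    runs-on: ubuntu-latest',
  '    steps:',
  '      - uses: actions/checkout@v4',
  '        with:',
  '          ref: ${{ github.event.pull_request.head.sha }}',
  '      - run: npm install',
  '      - run: npm test',
  '        env:',
  '          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}',
].join('\n');

// Constructed hardened variant: plain pull_request trigger (fork PRs get no
// secrets and a read-only token), explicit read-only permissions, and
// lifecycle scripts disabled during install.
const HARDENED_WORKFLOW = [
  'name: ci',
  'on:',
  '  pull_request:',
  'jobs:',
  '  test:',
  '    runs-on: ubuntu-latest',
  '    permissions:',
  '      contents: read',
  '    steps:',
  '      - uses: actions/checkout@v4',
  '      - run: npm ci --ignore-scripts',
  '      - run: npm test',
].join('\n');

console.log('risky:', assessWorkflow(RISKY_WORKFLOW));
console.log('hardened:', assessWorkflow(HARDENED_WORKFLOW));
```

Run it over every file under `.github/workflows/` to get a first triage list. A `medium` result (trigger plus head checkout, but no visible secret or install step) still deserves a look, because the checked-out code can reach the job's `GITHUB_TOKEN` and anything later steps pass in.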

Impact & Trends

These incidents highlight the growing sophistication of supply chain attacks, with threat actors increasingly targeting npm, PyPI, and CI/CD pipelines to propagate malware. The use of resilient exfiltration methods (ICP canisters, obfuscated endpoints) and multi-stage credential theft underscores the need for heightened scrutiny in open-source dependency management.

Source: https://thehackernews.com/2026/04/self-propagating-supply-chain-worm.html

Asurion TPRM report: https://www.rankiteo.com/company/asurion

npm TPRM report: https://www.rankiteo.com/company/npm-inc-

GitHub TPRM report: https://www.rankiteo.com/company/github

"id": "gitnpmasu1776918263",
"linkid": "github, npm-inc-, asurion",
"type": "Cyber Attack",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Developers and organizations '
                                              'using compromised packages',
                        'industry': 'Open-Source Software',
                        'location': 'Global',
                        'name': 'npm packages',
                        'type': 'Software Package'},
                       {'customers_affected': 'Developers and organizations '
                                              'using compromised packages',
                        'industry': 'Open-Source Software',
                        'location': 'Global',
                        'name': 'PyPI packages',
                        'type': 'Software Package'},
                       {'customers_affected': 'Developers using affected CI/CD '
                                              'pipelines',
                        'industry': 'Software Development',
                        'location': 'Global',
                        'name': 'GitHub repositories',
                        'type': 'Code Repository'}],
 'attack_vector': ['Compromised npm/PyPI packages',
                   'Postinstall hooks',
                   'CI/CD pipeline exploitation'],
 'data_breach': {'data_exfiltration': ['HTTPS webhook '
                                       '(telemetry.api-monitor[.]com)',
                                       'ICP canister '
                                       '(cjn37-uyaaa-aaaac-qgnva-cai.raw.icp0[.]io)'],
                 'file_types_exposed': ['.env',
                                        '.git-credentials',
                                        '.netrc',
                                        'SSH keys'],
                 'sensitivity_of_data': 'High (developer and cloud '
                                        'credentials)',
                 'type_of_data_compromised': ['Credentials',
                                              'Configuration files',
                                              'Browser data',
                                              'Cryptocurrency wallets']},
 'description': 'Cybersecurity researchers from Socket and StepSecurity '
                'uncovered a self-propagating supply chain worm, dubbed '
                'CanisterSprawl, that exploits compromised npm packages to '
                'steal developer credentials and spread malicious updates. The '
                'campaign leverages an ICP canister for data exfiltration and '
                'includes PyPI propagation logic, turning compromised '
                'environments into multiple package infections.',
 'impact': {'brand_reputation_impact': ['Open-source ecosystem trust erosion'],
            'data_compromised': ['npm tokens',
                                 'SSH keys',
                                 '.git-credentials',
                                 '.netrc files',
                                 'Cloud credentials (AWS, Google Cloud, Azure)',
                                 'Kubernetes/Docker/Terraform/Vault '
                                 'configurations',
                                 'Local .env files',
                                 'Shell history',
                                 'Browser-stored credentials',
                                 'Cryptocurrency wallet extensions'],
            'identity_theft_risk': ['High (stolen credentials)'],
            'operational_impact': ['Compromised package ecosystems',
                                   'Malicious package propagation'],
            'systems_affected': ['npm',
                                 'PyPI',
                                 'CI/CD pipelines',
                                 'Developer environments']},
 'initial_access_broker': {'backdoors_established': ['Malicious postinstall '
                                                     'hooks',
                                                     'Reverse proxies',
                                                     'SOCKS5 proxies'],
                           'entry_point': ['Compromised npm/PyPI packages',
                                           'GitHub Actions exploitation'],
                           'high_value_targets': ['Developer environments',
                                                  'CI/CD pipelines']},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'The incident highlights the growing sophistication of '
                    'supply chain attacks, with threat actors targeting npm, '
                    'PyPI, and CI/CD pipelines to propagate malware. Resilient '
                    'exfiltration methods and multi-stage credential theft '
                    'underscore the need for heightened scrutiny in '
                    'open-source dependency management.',
 'motivation': ['Credential theft', 'Data exfiltration', 'Malware propagation'],
 'post_incident_analysis': {'corrective_actions': ['Package takedowns',
                                                   'Credential revocation',
                                                   'Enhanced monitoring of '
                                                   'open-source dependencies'],
                            'root_causes': ['Lack of scrutiny in open-source '
                                            'package ecosystems',
                                            'Exploitation of CI/CD pipeline '
                                            'vulnerabilities',
                                            'Use of resilient exfiltration '
                                            'methods']},
 'recommendations': ['Enhanced scrutiny of open-source dependencies',
                     'Monitoring for malicious postinstall scripts',
                     'Revoking exposed credentials immediately',
                     'Securing CI/CD pipelines against exploitation'],
 'references': [{'source': 'Socket'}, {'source': 'StepSecurity'}],
 'response': {'containment_measures': ['Package takedowns',
                                       'Credential revocation'],
              'remediation_measures': ['Removal of malicious packages',
                                       'Security patches'],
              'third_party_assistance': ['Socket', 'StepSecurity']},
 'threat_actor': ['TeamPCP (alleged)', 'Copycat attackers'],
 'title': 'New Supply Chain Worm Targets npm and PyPI, Stealing Developer '
          'Credentials',
 'type': ['Supply Chain Attack', 'Credential Theft', 'Malware Propagation'],
 'vulnerability_exploited': ['Malicious postinstall scripts',
                             'Fake Kubernetes tools',
                             'GitHub Actions pull_request_target trigger']}