The Hacker News reports that the threat actors behind the Trivy supply chain attack are suspected of conducting follow-on attacks that compromised a large number of npm packages with a self-spreading worm dubbed CanisterWorm. The malware uses an ICP canister as a dead drop resolver to fetch its C2 URL, a technique described by Aikido Security researcher Charlie Eriksen.
The infection targets include 28 packages in the @EmilGroup scope, 16 in the @opengov scope, and several others such as @teale[.]io/eslint-config and @airtm/uuid-base32, with a broader push that leverages stolen npm tokens to propagate.
The attack chain involves a postinstall loader that drops a Python backdoor which contacts the ICP canister to obtain the next payload link, and a subsequent CanisterWorm variant that can self-propagate without manual intervention, notably in @teale[.]io/eslint-config versions 1.8.11 and 1.8.12. Persistence is achieved via a systemd user service that restarts the Python backdoor after termination, using a hidden PostgreSQL tooling facade to avoid arousing suspicion.
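The two footholds described above, an npm install-time lifecycle script and a systemd user service that keeps a Python process alive, are both things a defender can audit with plain text parsing. The following is an added example, not code from the article or from Aikido Security: it extracts install hooks from a package.json and flags a user unit whose ExecStart runs Python with an automatic Restart policy. The sample package.json and unit files are constructed for the example; the unit's PostgreSQL-themed description stands in for the disguise the article mentions and is not a real indicator, and the article gives no concrete unit name, so no name matching is attempted.

```python
import json
import configparser
from pathlib import Path
from typing import Dict, List

# npm runs these lifecycle scripts automatically during `npm install`;
# the article says the loader was delivered through a postinstall hook.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Restart policies that bring a process back after it is killed.
AUTO_RESTART = ("always", "on-failure", "on-abnormal", "on-watchdog")


def find_install_hooks(package_json_text: str) -> Dict[str, str]:
    """Return the install-time lifecycle scripts declared in a package.json."""
    data = json.loads(package_json_text)
    scripts = data.get("scripts") or {}
    return {name: cmd for name, cmd in scripts.items() if name in INSTALL_HOOKS}


def parse_unit(unit_text: str) -> Dict[str, Dict[str, str]]:
    """Parse a systemd unit file (ini-like) into {section: {key: value}}."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case: ExecStart, Restart, ...
    cp.read_string(unit_text)
    return {section: dict(cp[section]) for section in cp.sections()}


def persistence_reasons(unit_text: str) -> List[str]:
    """Heuristic: flag the traits the article describes, a unit that launches
    a Python interpreter and restarts it automatically after termination."""
    service = parse_unit(unit_text).get("Service", {})
    reasons: List[str] = []
    exec_start = service.get("ExecStart", "")
    if "python" in exec_start.lower():
        reasons.append("ExecStart launches a Python interpreter")
    restart = service.get("Restart", "no").lower()
    if restart in AUTO_RESTART:
        reasons.append(f"Restart={restart} revives the process after it is killed")
    return reasons


def audit_user_units(unit_dir: Path) -> Dict[str, List[str]]:
    """Scan a systemd user unit directory (e.g. ~/.config/systemd/user) and
    return {unit filename: reasons} for units showing both traits."""
    findings: Dict[str, List[str]] = {}
    for path in sorted(unit_dir.glob("*.service")):
        reasons = persistence_reasons(path.read_text(errors="replace"))
        if len(reasons) == 2:
            findings[path.name] = reasons
    return findings


# Constructed sample inputs (not real artifacts from the campaign).
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "example-package",
    "version": "1.0.0",
    "scripts": {"postinstall": "node setup.js", "test": "jest"},
})

SAMPLE_SUSPICIOUS_UNIT = """[Unit]
Description=PostgreSQL helper tooling

[Service]
ExecStart=/usr/bin/python3 /home/user/.local/share/pg-tools/helper.py
Restart=always
RestartSec=5

[Install]
WantedBy=default.target
"""

SAMPLE_BENIGN_UNIT = """[Unit]
Description=Sync client

[Service]
ExecStart=/usr/bin/syncthing

[Install]
WantedBy=default.target
"""

if __name__ == "__main__":
    print("install hooks:", find_install_hooks(SAMPLE_PACKAGE_JSON))
    print("suspicious unit:", persistence_reasons(SAMPLE_SUSPICIOUS_UNIT))
    print("benign unit:", persistence_reasons(SAMPLE_BENIGN_UNIT))
    print("live audit:", audit_user_units(Path.home() / ".config/systemd/user"))
```

Run against a real checkout by pointing `find_install_hooks` at each `node_modules/*/package.json` and `audit_user_units` at `~/.config/systemd/user`; a hit is a starting point for review, not proof of compromise, since legitimate packages also use postinstall and legitimate user services also restart Python daemons.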