Self-Propagating Malware Poisons Open Source Packages and Wipes Iran-Based Machines
Ars Technica·high signal
Ars Technica reports on self-propagating malware that compromises open-source packages and specifically targets machines with Iranian locale settings for data destruction. The attack chain poisons legitimate packages to spread laterally through development environments. Coming alongside the LiteLLM/TeamPCP campaign, this marks an escalation in supply chain attacks targeting the developer ecosystem in March 2026.