The Wire
Dispatch

Self-Propagating npm Supply Chain Worm Steals Developer Tokens via Decentralized C2 Channel

The Hacker Newsmedium signal

Security researchers tracked the 'CanisterSprawl' campaign — a self-propagating npm supply chain worm that uses Internet Computer Protocol (ICP) canisters as a decentralized, resilient command-and-control channel. The worm collects tokens, API keys, SSH keys, cloud credentials, CI/CD secrets, and LLM platform keys, then uses stolen npm publish tokens to republish poisoned package versions. Between April 21-23, three distinct attacks hit npm, PyPI, and Docker Hub simultaneously, affecting developer environments and CI/CD pipelines.

Follow the thread

No related signals yet.