Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages
https://thehackernews.com/2026/03/trivy-supply-chain-attack-triggers-self.html
Publish Date: 2026-03-21 03:28:00
Source Domain: thehackernews.com
The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the compromise of a large number of npm packages with a previously undocumented self-propagating worm dubbed CanisterWorm.
The name is a reference to the fact that the malware uses an ICP canister (a tamperproof smart contract on the Internet Computer blockchain) as a dead drop resolver. The development marks the first publicly documented abuse of an ICP canister for the explicit purpose of fetching the command-and-control (C2) server, Aikido Security researcher Charlie Eriksen said.
The list of affected packages is below –
- 28 packages in the @EmilGroup scope
- 16 packages in the @opengov scope
- @teale.io/eslint-config
- @airtm/uuid-base32
- @pypestream/floating-ui-dom
The development comes within a day after threat actors leveraged a compromised credential to publish malicious trivy, trivy-action, and setup-trivy releases containing a credential stealer. A cloud-focused cybercriminal operation known as TeamPCP is suspected to be behind the attacks.
The infection chain for the npm packages relies on a postinstall hook that executes a loader, which then drops a Python backdoor responsible for contacting the ICP canister dead drop to retrieve a URL pointing to the next-stage payload. Because the dead drop infrastructure is decentralized, it is resilient and resistant to takedown efforts.
“The canister controller can swap the URL at any time, pushing new binaries to all infected hosts without touching the implant,” Eriksen said.
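The install-time hook is the entry point of the chain described above, so a practical defensive check is to enumerate the lifecycle scripts npm runs automatically during installation. The following is an added example, not code from the article or from Aikido; the package names, commands and the suspicious-token list are constructed assumptions for illustration.

```python
import json
import os

# Lifecycle scripts npm runs on its own during `npm install`; these are the
# hooks a malicious package uses to execute a loader without user action.
INSTALL_TIME_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Heuristic tokens suggesting a hook spawns an interpreter or fetches content.
# Assumption: tune this list for your own environment.
SUSPICIOUS_TOKENS = ("node -e", "python", "curl", "wget", "bash -c", "sh -c", "eval(")

def find_install_hooks(package_json_text):
    """Return {hook_name: (command, flagged)} for install-time hooks in one package.json."""
    data = json.loads(package_json_text)
    scripts = data.get("scripts") or {}
    findings = {}
    for hook in INSTALL_TIME_HOOKS:
        cmd = scripts.get(hook)
        if cmd is None:
            continue
        flagged = any(tok in cmd for tok in SUSPICIOUS_TOKENS)
        findings[hook] = (cmd, flagged)
    return findings

def scan_node_modules(root):
    """Walk a node_modules tree and collect install-time hooks per package.
    Returns {relative_package_dir: {hook: (command, flagged)}} for packages that have any."""
    results = {}
    for dirpath, _, filenames in os.walk(root):
        if "package.json" not in filenames:
            continue
        with open(os.path.join(dirpath, "package.json"), encoding="utf-8", errors="replace") as fh:
            try:
                hooks = find_install_hooks(fh.read())
            except ValueError:  # malformed JSON; skip rather than abort the scan
                continue
        if hooks:
            results[os.path.relpath(dirpath, root)] = hooks
    return results

# Constructed sample: a hypothetical package.json with a postinstall loader.
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "@example/constructed-package",  # hypothetical name, not a real package
    "version": "1.0.0",
    "scripts": {
        "build": "tsc",
        "postinstall": "node -e \"require('./loader.js')\"",
    },
})

# Constructed sample: a package with only build-time scripts, no install hooks.
CLEAN_PACKAGE_JSON = json.dumps({
    "name": "@example/clean-package",
    "version": "2.0.0",
    "scripts": {"build": "tsc", "test": "jest"},
})

if __name__ == "__main__":
    for hook, (cmd, flagged) in find_install_hooks(SAMPLE_PACKAGE_JSON).items():
        print(f"{hook}: {cmd!r} -> {'SUSPICIOUS' if flagged else 'review'}")
    for pkg, hooks in scan_node_modules("node_modules").items():
        print(pkg, {h: c for h, (c, _) in hooks.items()})
```

Any hit is worth reading before the package is trusted; installing with `npm install --ignore-scripts` prevents these hooks from running at all, at the cost of breaking packages that legitimately need them.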
Persistence is established by means of a systemd user service that uses the “Restart=always” directive, so the Python backdoor is automatically restarted after a 5-second delay whenever it is terminated for any reason. The systemd service masquerades as PostgreSQL tooling…
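The persistence pattern just described (a user unit with Restart=always and a short RestartSec, an interpreter as the service binary, and a name borrowed from PostgreSQL) can be triaged from the unit files themselves. The following audit script is an added example, not code from the article or from Aikido; the two sample units, their names and paths are constructed for illustration and are not indicators from the campaign.

```python
import os

# Interpreters that, as the ExecStart binary of a user unit, usually mean the
# real payload is a script elsewhere (the backdoor above is a Python script).
INTERPRETERS = {"python", "python2", "python3", "node", "perl", "sh", "bash"}

def parse_unit(text):
    """Minimal INI-style parser for a systemd unit: {section: {key: value}}.
    Repeated keys keep the last value; adequate for triage, not a full parser."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current][key.strip()] = value.strip()
    return sections

def audit_unit(unit_name, text):
    """Return a list of (code, message) findings for one unit file."""
    sections = parse_unit(text)
    unit, service = sections.get("Unit", {}), sections.get("Service", {})
    argv = service.get("ExecStart", "").split()
    binary = os.path.basename(argv[0]) if argv else ""
    findings = []

    if service.get("Restart", "no") == "always":
        findings.append(("restart-always",
                         "Restart=always revives the process even after a clean exit or a kill"))
    if binary in INTERPRETERS:
        findings.append(("interpreter-exec",
                         f"ExecStart runs an interpreter ({binary}); inspect the script it loads"))
    claimed = (unit_name + " " + unit.get("Description", "")).lower()
    if "postgres" in claimed and not (binary.startswith("postgres") or binary.startswith("pg_")):
        findings.append(("name-mismatch",
                         "unit claims to be PostgreSQL tooling but does not run a PostgreSQL binary"))
    if any(part.startswith(("/home/", "/tmp/", "/var/tmp/")) for part in argv):
        findings.append(("user-writable-path",
                         "ExecStart references code under a user-writable directory"))
    return findings

def audit_user_units(user_dir=os.path.expanduser("~/.config/systemd/user")):
    """Audit every *.service in the per-user systemd directory. Returns {unit: findings}."""
    results = {}
    if not os.path.isdir(user_dir):
        return results
    for name in sorted(os.listdir(user_dir)):
        if not name.endswith(".service"):
            continue
        with open(os.path.join(user_dir, name), encoding="utf-8", errors="replace") as fh:
            findings = audit_unit(name, fh.read())
        if findings:
            results[name] = findings
    return results

# Constructed sample: a unit shaped like the persistence described above.
SUSPICIOUS_UNIT = """\
[Unit]
Description=PostgreSQL maintenance helper

[Service]
ExecStart=/usr/bin/python3 /home/dev/.local/share/pgtools/agent.py
Restart=always
RestartSec=5

[Install]
WantedBy=default.target
"""

# Constructed sample: an ordinary user unit that should produce no findings.
BENIGN_UNIT = """\
[Unit]
Description=Nightly notes backup

[Service]
ExecStart=/usr/bin/rsync -a /srv/notes/ /srv/backup/notes/
Restart=on-failure

[Install]
WantedBy=default.target
"""

if __name__ == "__main__":
    for name, text in (("pg-helper.service", SUSPICIOUS_UNIT), ("notes-backup.service", BENIGN_UNIT)):
        print(name, [code for code, _ in audit_unit(name, text)] or "clean")
    for name, findings in audit_user_units().items():
        print(name, [code for code, _ in findings])
```

Each finding on its own is common in legitimate units; the combination is what matters. Pair the file audit with `systemctl --user list-units --type=service` so that units enabled under other accounts, or still running after their file was removed, are not missed.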