Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
Top 10 Next-Generation Firewall Solutions for 2026
July 6, 2026
Microsoft Device Code Phishing Attack Steals Tokens via Login Page
July 6, 2026
Critical Gemini Live Voice flaw lets attackers inject tools via misconfigured tokens
July 6, 2026
Home/Threats/Critical Namastex npm Package Flaw Delivers CanisterWorm Malware
Threats

Critical Namastex npm Package Flaw Delivers CanisterWorm Malware

Key Takeaways Malicious versions of npm packages associated with Namastex.ai have been found distributing the self-propagating CanisterWorm malware. The attack leverages compromised npm publishing...

David kimber
David kimber
April 22, 2026 4 Min Read
48 0

Key Takeaways

  • Malicious versions of npm packages associated with Namastex.ai have been found distributing the self-propagating CanisterWorm malware.
  • The attack leverages compromised npm publishing tokens to inject backdoors into legitimate packages, subsequently republishing them under their original names.
  • CanisterWorm is a sophisticated supply chain threat that steals sensitive credentials and propagates itself across the npm ecosystem, mirroring the tactics of the TeamPCP threat actor.
  • The malware uses an Internet Computer Protocol (ICP) canister for resilient command and control, enabling attackers to update payloads without direct interaction with infected systems.
  • Organizations should immediately rotate credentials, audit package histories, and implement install-time script analysis if Namastex.ai npm packages have been used.

Critical Supply Chain Attack Hits Namastex.ai npm Packages with CanisterWorm Malware

A significant supply chain vulnerability has emerged within the npm ecosystem, with malicious versions of packages linked to Namastex.ai actively distributing the CanisterWorm malware. This sophisticated, self-propagating backdoor, which security researchers have extensively detailed, exhibits operational characteristics highly consistent with the notorious TeamPCP threat actor.

Table Of Content

  • Key Takeaways
  • Critical Supply Chain Attack Hits Namastex.ai npm Packages with CanisterWorm Malware
  • CanisterWorm’s Broad Reach and Unique C2 Infrastructure
  • Self-Propagation: How CanisterWorm Spreads
  • What You Should Do

The attack mechanism involves the stealthy replacement of legitimate package contents with malicious code. Utilizing stolen credentials, the malware then spreads across every accessible namespace, silently compromising additional packages.

This campaign aligns with the established modus operandi of TeamPCP, a threat actor known for compromising valid npm publishing tokens, likely via vulnerable CI/CD pipelines. Once access is gained, the attacker strips original functionality from trusted packages, injects their malicious payload, and then republishes them under their authentic names.

The compromised Namastex.ai packages were released as seemingly routine patch updates. They meticulously replicated README files and metadata, making them exceedingly difficult for developers and automated security tools to detect.

CanisterWorm’s Broad Reach and Unique C2 Infrastructure

Researchers at Socket.dev discovered this threat as part of a wider investigation into the CanisterWorm supply chain attack. By late March 2026, this campaign had expanded to encompass over 135 malicious artifacts across more than 64 unique packages. The Socket Research Team highlighted that the Namastex.ai compromises mirrored the tradecraft observed in earlier CanisterWorm incidents, indicating shared attacker infrastructure and a consistent payload design across diverse victim environments.

The name “CanisterWorm” originates from a critical technical aspect of its communication with operators. Instead of relying on conventional servers, the backdoor employs an Internet Computer Protocol (ICP) canister as a dead-drop command and control (C2) channel. This innovative design allows attackers to rotate second-stage payloads without directly interacting with the implant on infected systems, significantly bolstering its resilience against standard takedown efforts.

A Wiz investigation report, published on March 20, 2026, definitively attributed the campaign to TeamPCP, the same threat actor previously linked to attacks targeting Aqua Security’s Trivy tool.

Self-Propagation: How CanisterWorm Spreads

What distinguishes CanisterWorm from typical credential-stealing malware is its embedded worm-like propagation capability. Upon installation of an infected package, a hidden postinstall hook is immediately triggered. This script executes in the background without any terminal warnings or prompts, making its operation clandestine.

The script initiates a findNpmTokens() function, designed to extract npm authentication tokens from various locations. These include the ~/.npmrc file, project-level .npmrc files, environment variables such as NPM_TOKEN, and live npm configuration queries.

The stolen tokens are then passed to a secondary script, deploy.js, which runs as a fully detached background process. This script queries the npm registry to identify every package the compromised token has publishing rights to. For each identified package, it increments the patch version, injects the CanisterWorm payload, and republishes it using the --tag latest flag. Consequently, any developer installing these packages without specifying an exact version will silently receive the infected release, inadvertently becoming a new vector for propagation.

Beyond its propagation mechanism, the CanisterWorm payload is designed to harvest a wide array of sensitive data. This includes environment variables, SSH keys, cloud credentials for AWS, Azure, and GCP, Kubernetes service account tokens, Docker registry credentials, and TLS private keys. The malware also targets browser login storage and cryptocurrency wallet files associated with MetaMask and Phantom. Exfiltrated data is encrypted using RSA public key encryption and transmitted over HTTPS to the ICP canister endpoint. If an RSA key is not present on the target system, the malware defaults to transmitting data in plaintext.

What You Should Do

  • Rotate Credentials Immediately: If your organization has used any packages from the Namastex.ai npm namespace, assume all recent versions are potentially compromised. Promptly rotate npm tokens, GitHub tokens, cloud credentials, and SSH keys from any systems where these affected packages were installed.
  • Audit Package Publish History: Scrutinize package publish histories for any unexplained version bumps linked to the same maintainer tokens.
  • Hunt for Malware Artifacts: Search CI/CD artifact caches for the known RSA public key fingerprint and file hashes associated with this campaign.
  • Enable Install-Time Script Analysis: Implement and enable tools that perform install-time script analysis to flag suspicious postinstall hooks before they execute.
  • Review Python Environments: Given that cross-ecosystem propagation logic targeting PyPI was observed in related activities, thoroughly review Python environments that share credentials with potentially compromised npm environments.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackMalwarePatchSecurityThreat

Share Article

David kimber

David kimber

David is a penetration tester turned security journalist with expertise in mobile security, IoT vulnerabilities, and exploit development. As an OSCP-certified security professional, David brings hands-on technical experience to his reporting on vulnerabilities and security research. His articles often feature detailed technical analysis of exploits and provide actionable defense recommendations. David maintains an active presence in the security research community and has contributed to multiple open-source security tools.

Previous Post

Critical Atlassian Bamboo RCE Flaw CVE-2024-1591 Lets Attackers Inject Commands

Next Post

SIM Farm-as-a-Service Network Exposes 87 Control Panels Globally

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
OpenSSH 9.7 Fixes Critical Vulnerabilities, Adds New Features
July 6, 2026
Critical Microsoft Edge Bug (CVE-2024-XXXX) Lets Attackers Run Code Remotely
July 6, 2026
Windows 11 24H2, 25H2 Bug Triggers Black Screens, Start Menu Failure
July 6, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
David kimber
David kimber
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us