The attack silently replaces legitimate package contents with infected code and continues spreading across every namespace the stolen credentials can reach.
The campaign follows a pattern that has become a signature of TeamPCP operations. The threat actor gained access to valid npm publishing tokens, likely through a compromised CI/CD pipeline.
Using those tokens, the attacker stripped the original functionality from legitimate packages, replaced it with malicious code, and republished them under the same trusted package names.
The affected Namastex.ai packages carried versions that appeared to be routine patch updates, complete with copied README files and familiar metadata, making detection difficult for developers and automated security tools.
Researchers at Socket.dev identified the threat as part of a broader investigation into the CanisterWorm supply chain attack campaign, which had expanded to over 135 malicious package artifacts across more than 64 unique packages by late March 2026.
The Socket Research Team noted the Namastex.ai packages followed the same tradecraft seen in earlier CanisterWorm activity, pointing to shared attacker infrastructure and a consistent payload design across different victim namespaces.
The name CanisterWorm comes from a key technical detail in how the malware communicates with its operators. Rather than relying on a traditional server, the backdoor polls an Internet Computer Protocol (ICP) canister acting as a dead-drop command and control channel.
This design lets attackers rotate second-stage payloads without touching the implant already running on infected systems, making it resistant to standard takedown efforts.
A Wiz investigation report released on March 20, 2026 attributed the campaign to TeamPCP, the same threat actor previously linked to attacks on Aqua Security’s Trivy tool.
Self-Propagation: How CanisterWorm Spreads
What separates CanisterWorm from typical credential-stealing malware is its built-in worm behavior. Once the infected package is installed, a hidden postinstall hook fires immediately, running in the background without terminal warnings or prompts.
The script runs a findNpmTokens() function that reads npm authentication tokens from multiple locations, including the ~/.npmrc file, project-level .npmrc files, environment variables such as NPM_TOKEN, and live npm configuration queries.
Those stolen tokens are then passed to a secondary script called deploy.js, which runs as a fully detached background process.
This script queries the npm registry to discover every package the compromised token can publish to, increments the patch version of each, injects the CanisterWorm payload, and republishes with the --tag latest flag.
Any developer who installs those packages without pinning an exact version will silently receive the infected release and become a new propagation vector.
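The propagation chain above (a lifecycle hook that reads npm tokens, detaches a background process and republishes with --tag latest) is what an install-time scanner has to catch before the hook runs. The following is an added example, not code from the article or from the Socket or Wiz researchers: a static triage pass over a package manifest and the script files its hooks invoke. The indicator regexes, the weights, the block threshold and the credential paths (such as ~/.aws/credentials) are assumptions, not signatures of the real payload, and the three sample packages are constructed.

```javascript
// Added example (not from the article): static triage of an npm manifest and its
// install-time scripts, written from the behaviour described above.
// Assumptions: indicator patterns, weights, threshold and credential paths are
// illustrative; tune them against your own package population.

const LIFECYCLE_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Weighted indicators. One weak hit (a build step that calls npm) should not block
// an install by itself; several strong hits together should.
const INDICATORS = [
  { id: 'reads-npmrc',      weight: 3, re: /\.npmrc\b/ },
  { id: 'reads-npm-token',  weight: 3, re: /\bNPM_TOKEN\b|_authToken/ },
  { id: 'npm-config-query', weight: 2, re: /\bnpm\s+config\s+get\b/ },
  { id: 'detached-process', weight: 2, re: /detached\s*:\s*true|\.unref\(\)/ },
  { id: 'publishes-latest', weight: 4, re: /\bnpm\s+publish\b.*--tag\s+latest\b/ },
  { id: 'cloud-creds',      weight: 3, re: /\.aws\/credentials|\.azure\/|gcloud\/|\.kube\/config|\.docker\/config\.json/ },
  { id: 'ssh-keys',         weight: 3, re: /\.ssh\/id_/ },
];
const BLOCK_THRESHOLD = 6; // assumption: adjust for your environment

// Lifecycle hooks a manifest declares, with their command lines.
function findLifecycleHooks(manifest) {
  const scripts = (manifest && manifest.scripts) || {};
  return LIFECYCLE_HOOKS
    .filter((hook) => typeof scripts[hook] === 'string')
    .map((hook) => ({ hook, command: scripts[hook] }));
}

// Match every indicator against one piece of source text.
function scoreSource(source) {
  const matched = INDICATORS.filter((ind) => ind.re.test(source));
  return {
    hits: matched.map((ind) => ind.id),
    score: matched.reduce((sum, ind) => sum + ind.weight, 0),
  };
}

// allow / review / block for one package. `scriptSources` maps file name -> contents
// for the files the hooks invoke, read from the extracted tarball before anything runs.
function triagePackage(manifest, scriptSources = {}) {
  const hooks = findLifecycleHooks(manifest);
  if (hooks.length === 0) {
    return { verdict: 'allow', hooks, findings: [], score: 0 };
  }
  const findings = [];
  // Hook command lines can carry indicators inline (shell one-liners), so scan them too.
  const texts = [
    ...hooks.map((h) => [`scripts.${h.hook}`, h.command]),
    ...Object.entries(scriptSources),
  ];
  for (const [file, source] of texts) {
    const { hits, score } = scoreSource(source);
    if (hits.length > 0) findings.push({ file, hits, score });
  }
  const score = findings.reduce((sum, f) => sum + f.score, 0);
  // Any lifecycle hook gets at least a human look; strong indicators block outright.
  const verdict = score >= BLOCK_THRESHOLD ? 'block' : 'review';
  return { verdict, hooks, findings, score };
}

// ---- constructed sample packages (not real packages) ----
const NO_HOOKS = { name: 'plain-lib', version: '1.0.0', scripts: { test: 'node test.js' } };

const NATIVE_ADDON = {
  name: 'native-addon', version: '2.3.1',
  scripts: { install: 'node-gyp rebuild' },
};

const SUSPECT = {
  name: 'suspect-lib', version: '1.4.2',
  scripts: { postinstall: 'node setup.js' },
};
// Fragments carrying the indicator strings only; test input, not a working program.
const SUSPECT_SETUP_JS = [
  'readFileSync(join(homedir(), ".npmrc"))',
  'process.env.NPM_TOKEN',
  'spawn(process.execPath, ["deploy.js"], { detached: true }).unref()',
  'execSync("npm publish --tag latest")',
].join('\n');

console.log(JSON.stringify(triagePackage(NO_HOOKS)));
console.log(JSON.stringify(triagePackage(NATIVE_ADDON, {})));
console.log(JSON.stringify(triagePackage(SUSPECT, { 'setup.js': SUSPECT_SETUP_JS }), null, 2));
```

The native-addon sample shows why the verdict is "review" rather than "block" for a hook alone: install-time hooks are common for legitimate native builds, so the scanner flags them for a look and reserves a hard block for the combination of token reads, detachment and republishing that the worm needs.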
Beyond spreading, the payload collects environment variables, SSH keys, cloud credentials for AWS, Azure, and GCP, Kubernetes service account tokens, Docker registry credentials, and TLS private keys.
Browser login storage and crypto wallet files linked to MetaMask and Phantom are also targeted. Collected data is exfiltrated using RSA public key encryption over HTTPS to the ICP canister endpoint.
When no RSA key is present on the target system, the malware switches to plaintext delivery instead.
Teams using any packages from the Namastex.ai npm namespace should treat all recent versions as potentially compromised. Immediately rotate npm tokens, GitHub tokens, cloud credentials, and SSH keys from any systems where affected packages were installed.
Audit package publish history for unexplained version bumps tied to the same maintainer tokens, and hunt across CI/CD artifact caches for the known RSA public key fingerprint and file hashes tied to this campaign.
Enable install-time script analysis to flag postinstall hooks before execution. Since cross-ecosystem propagation logic targeting PyPI was also observed in related activity, Python environments that share the same credentials should be reviewed right away.
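One way to run the publish-history audit recommended above, as an added example that is not code from the article or from the researchers it cites: a single package receiving a routine-looking patch bump is unremarkable, but several packages in one namespace receiving patch bumps minutes apart under a shared maintainer identity is the worm's footprint. The records are assumed to be shaped like the per-package `time` map and `maintainers` list the npm registry returns; the package names, dates and maintainer names are constructed, and @example-org is a placeholder for the affected namespace.

```javascript
// Added example (not from the article): publish-history audit for coordinated patch
// bumps across a namespace. Input shape (time map with created/modified keys plus one
// key per version, and a maintainers list) is an assumption; all records are constructed.

function parseSemver(v) {
  const [core] = v.split('-'); // ignore any prerelease suffix
  return core.split('.').map(Number);
}

// Classify the step from one version to the next.
function bumpKind(prev, next) {
  const [pM, pm, pp] = parseSemver(prev);
  const [nM, nm, np] = parseSemver(next);
  if (nM !== pM) return 'major';
  if (nm !== pm) return 'minor';
  if (np !== pp) return 'patch';
  return 'same';
}

// Newest release of a package, with its bump type relative to the release before it.
function latestRelease(record) {
  const releases = Object.entries(record.time)
    .filter(([k]) => k !== 'created' && k !== 'modified')
    .map(([version, iso]) => ({ version, t: Date.parse(iso) }))
    .sort((a, b) => a.t - b.t);
  const last = releases[releases.length - 1];
  const prev = releases[releases.length - 2];
  return {
    name: record.name,
    version: last.version,
    t: last.t,
    bump: prev ? bumpKind(prev.version, last.version) : 'initial',
    maintainers: (record.maintainers || []).map((m) => m.name),
  };
}

function intersectAll(lists) {
  return lists.reduce((acc, list) => acc.filter((x) => list.includes(x)));
}

// Group packages whose newest releases landed within `windowMinutes` of each other.
// The window is anchored at the first release of each group.
function findPublishBursts(records, { windowMinutes = 30, minPackages = 3 } = {}) {
  const windowMs = windowMinutes * 60 * 1000;
  const latest = records.map(latestRelease).sort((a, b) => a.t - b.t);
  const bursts = [];
  let i = 0;
  while (i < latest.length) {
    let j = i;
    while (j + 1 < latest.length && latest[j + 1].t - latest[i].t <= windowMs) j++;
    const group = latest.slice(i, j + 1);
    if (group.length >= minPackages) {
      bursts.push({
        start: new Date(group[0].t).toISOString(),
        end: new Date(group[group.length - 1].t).toISOString(),
        packages: group.map((g) => `${g.name}@${g.version}`),
        allPatchBumps: group.every((g) => g.bump === 'patch'),
        // The identity common to every package in the burst is the token to rotate first.
        sharedMaintainers: intersectAll(group.map((g) => g.maintainers)),
      });
    }
    i = j + 1;
  }
  return bursts;
}

// ---- constructed registry records (placeholder namespace, invented dates) ----
const SAMPLE_RECORDS = [
  { name: '@example-org/core', maintainers: [{ name: 'alice' }, { name: 'ci-bot' }],
    time: { created: '2025-06-01T10:00:00Z', '1.4.0': '2025-11-02T09:12:00Z',
            '1.4.1': '2026-01-15T14:30:00Z', '1.4.2': '2026-03-22T03:14:05Z',
            modified: '2026-03-22T03:14:05Z' } },
  { name: '@example-org/cli', maintainers: [{ name: 'ci-bot' }],
    time: { created: '2025-06-01T10:05:00Z', '0.9.3': '2025-12-20T11:00:00Z',
            '0.9.4': '2026-03-22T03:16:40Z', modified: '2026-03-22T03:16:40Z' } },
  { name: '@example-org/sdk', maintainers: [{ name: 'bob' }, { name: 'ci-bot' }],
    time: { created: '2025-07-10T08:00:00Z', '2.1.0': '2026-02-01T16:45:00Z',
            '2.1.1': '2026-03-22T03:21:12Z', modified: '2026-03-22T03:21:12Z' } },
  { name: '@example-org/docs-theme', maintainers: [{ name: 'alice' }],
    time: { created: '2025-08-01T08:00:00Z', '3.2.5': '2026-01-05T12:00:00Z',
            '3.3.0': '2026-03-10T12:00:00Z', modified: '2026-03-10T12:00:00Z' } },
];

console.log(JSON.stringify(findPublishBursts(SAMPLE_RECORDS), null, 2));
```

On the constructed data the three patch bumps seven minutes apart form one burst with `ci-bot` as the only shared maintainer, while the docs-theme minor release twelve days earlier stays out of it. Per-package timing alone would not have flagged any of the three, which is the point: the correlation across the namespace is what exposes a token-driven republish.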
The post Compromised Namastex npm Packages Deliver TeamPCP-Style CanisterWorm Malware appeared first on Cyber Security News.