A new supply chain malware campaign called CanisterWorm is targeting the npm ecosystem by compromising publisher accounts and spreading malicious package updates. The worm steals npm authentication tokens and automatically propagates itself across developer-maintained packages, creating a self-amplifying supply chain attack. 
By hiding malicious code inside routine version updates, the campaign turns trusted developer tools into credential-stealing delivery mechanisms.
How CanisterWorm Works
The attack begins when a developer installs a compromised npm package. A malicious postinstall script runs automatically and deploys a Python-based backdoor on the system.
Initial Infection Flow
- Developer installs compromised package
- postinstall hook executes automatically
- Python backdoor dropped on host
- Persistent service created
- npm tokens harvested
- Worm spreads to publisher packages
- Malicious updates published
This chain reaction allows a single compromised developer to infect dozens of downstream packages.
Token Theft and Autonomous Spread
The worm searches for authentication credentials in multiple locations.
Credential Sources
- .npmrc files
- User home directory configs
- System-wide npm configuration
- Environment variables
- CI/CD pipeline secrets
Once tokens are collected, the worm:
- Queries npm registry
- Identifies owned packages
- Increments patch versions
- Publishes poisoned updates automatically
Persistence Mechanism
On Linux systems, the worm registers a background service.
Persistence Details
- Service name: pgmon
- Registered via systemd
- Survives reboots
- Runs silently in background
Command-and-Control Infrastructure
CanisterWorm communicates with a decentralized backend.
C2 Characteristics
- Uses Internet Computer Protocol (ICP) canister
- Blockchain-hosted endpoint
- Dead-drop communication
- Blends with normal web traffic
This architecture makes network detection significantly harder.
Files and Artifacts Created
The worm stores data in temporary directories.
Known File Paths
- /tmp/pglog – payload storage
- /tmp/.pg_state – execution tracking
These artifacts indicate possible compromise.
Why This Attack Is Dangerous
- Self-propagating behavior
- Token theft and reuse
- Trusted package poisoning
- Silent execution via postinstall
- Decentralized command channel
- Hard-to-detect infrastructure
Supply Chain Impact
One compromised developer account can:
- Infect multiple packages
- Impact thousands of downstream users
- Poison CI/CD pipelines
- Spread across organizations
- Enable credential reuse attacks
Detection Indicators
Security teams should monitor for:
- Unexpected postinstall script execution
- Unknown systemd services
- npm token access anomalies
- Python processes during npm install
- Temporary files in /tmp/pglog
- Unauthorized package version bumps
Immediate Response Actions
Developers using affected packages should assume compromise.
Required Steps
- Rotate npm publishing tokens
- Revoke CI/CD secrets
- Delete .npmrc tokens
- Stop pgmon service
- Remove persistence files
- Clean node_modules directories
- Rebuild dependencies from trusted sources
Linux Cleanup Commands
Recommended remediation includes:
- Stop background service
- Disable persistence
- Remove temporary files
- Reinstall dependencies
These steps help remove active infection.
Preventive Security Measures
Developer Best Practices
- Use scoped npm tokens
- Enable 2FA on npm accounts
- Audit package updates carefully
- Monitor publishing activity
- Limit CI/CD token permissions
Defensive Configuration
- Disable install scripts when possible
- Validate dependency integrity
- Monitor dependency version changes
- Implement package allowlists
Risk Impact Analysis
| Risk Area | Impact |
|---|---|
| Credentials | npm token theft |
| Supply Chain | Package poisoning |
| CI/CD | Pipeline compromise |
| Distribution | Malicious code spread |
| Development | Backdoor persistence |
Key Takeaways
- CanisterWorm is self-propagating
- Steals npm authentication tokens
- Uses postinstall script execution
- Publishes malicious package updates
- Targets developer supply chain
Conclusion
CanisterWorm highlights the growing risk of self-propagating supply chain malware in open-source ecosystems. By stealing npm tokens and automatically poisoning packages, attackers can rapidly expand their reach across developer communities.
Organizations should prioritize:
- Token security
- Dependency monitoring
- CI/CD hardening
- Behavioral detection
Securing developer workflows is critical to preventing large-scale software supply chain compromises.
