Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens
هذا هو المقال مترجم للدارجة المغربية مع الحفاظ على التنسيق الأصلي:
The "CanisterSprawl" Worm: New Self-Propagating Malware Hijacking npm and PyPI
TL;DR: Researchers have identified a sophisticated supply chain worm dubbed "CanisterSprawl" that hijacks developer npm tokens to self-propagate. The malware steals extensive credentials—including cloud keys, SSH configs, and browser data—and uses stolen tokens to push poisoned updates to legitimate packages, turning one compromised environment into a springboard for further attacks across both npm and PyPI.
The open-source ecosystem is facing a resilient new threat. Cybersecurity firms Socket and StepSecurity have flagged a coordinated campaign involving a self-propagating worm that spreads by stealing and weaponizing developer npm tokens.
Tracked as CanisterSprawl, the campaign utilizes "canisters" on the Internet Computer Protocol (ICP) to exfiltrate data, a tactic designed to make the attacker's infrastructure resistant to traditional takedowns.
How the CanisterSprawl Worm Spreads
The attack begins when a developer installs a compromised npm package. The malware is triggered during the installation process via a postinstall hook.
Once active, the worm executes a two-stage process:
- Credential Theft: It harvests a wide array of secrets from the developer's local environment.
- Self-Propagation: If it finds a valid npm token with publishing permissions, it leverages that token to push new, "poisoned" versions of the developer’s own packages to the npm registry. These new versions contain the same malicious postinstall hook, continuing the cycle.
Notably, the worm is cross-ecosystem. Socket researchers noted that the script includes PyPI propagation logic, generating Python payloads designed to execute on startup and using legitimate tools like Twine to upload malicious Python packages if credentials are found.
Affected npm Packages
The following packages and version ranges have been identified as part of the CanisterSprawl campaign:
- @automagik/genie (4.260421.33 - 4.260421.40)
- @fairwords/loopback-connector-es (1.4.3 - 1.4.4)
- @fairwords/websocket (1.0.38 - 1.0.39)
- @openwebconcept/design-tokens (1.0.1 - 1.0.3)
- @openwebconcept/theme-owc (1.0.1 - 1.0.3)
- pgserve (1.1.11 - 1.1.14)
Data Targeted for Exfiltration
The malware is highly intrusive, targeting virtually every sensitive file in a modern development workflow, including:
- .npmrc, SSH keys, and Git credentials
- Cloud credentials for AWS, Google Cloud, and Azure
- Kubernetes and Docker configurations
- Terraform, Pulumi, and Vault materials
- Local .env files and shell history
- Data from Chromium-based browsers and cryptocurrency wallet extensions
Stolen data is sent to an HTTPS webhook (telemetry.api-monitor[.]com) and an ICP canister (cjn37-uyaaa-aaaac-qgnva-cai.raw.icp0[.]io).
Broader Supply Chain Trends
The emergence of CanisterSprawl follows several other high-profile incidents mentioned in recent reports:
- TeamPCP Discord: Legitimate Python package
xinference(versions 2.6.0–2.6.2) was recently compromised with a payload carrying the comment "# hacked by teampcp." While the group has disputed involvement, claiming a copycat is at work, the tactics remain similar. - LLM Proxy Attacks: Malicious packages like
kube-health-tools(npm) andkube-node-health(PyPI) were found installing SOCKS5 and LLM proxies. These allow attackers to route AI traffic through a victim’s machine, potentially injecting malicious code into the responses of AI coding agents. - The "prt-scan" Campaign: Security firm Wiz identified an AI-powered campaign exploiting the
pull_request_targetGitHub Actions trigger. Attackers use automated tools to fork repositories and inject payloads into CI/CD workflows to steal credentials.
Conclusion
The CanisterSprawl campaign represents a shift toward more resilient and automated supply chain attacks. By turning a developer’s own environment into a distribution hub, attackers can bypass traditional perimeter defenses. Developers are urged to audit their installed packages for the versions listed above and consider implementing stricter token permissions (such as granular or short-lived tokens) to mitigate the risk of self-propagating worms.
Source: The Hacker News
