TL;DR
- Two active supply chain attacks are targeting npm and PyPI packages—one spreading a Python-based backdoor through developer publishing pipelines, the other compromising a popular AI model serving framework to harvest cloud credentials.
- Both attacks exfiltrate sensitive credentials (AWS, Azure and Google Cloud access keys, SSH keys, Kubernetes secrets) and print a message claiming the intrusion is the work of “TeamPCP”, who deny involvement.
- Developers should immediately rotate credentials, disable post-install scripts, pin dependencies to known-safe versions, and re-install from a clean state.
What happened
Two distinct—but related—supply chain incidents are actively targeting npm and PyPI packages, attempting to steal credentials from affected systems.
The “CanisterWorm” (Namastex) campaign uses malicious npm packages whose post-install scripts drop a Python-based backdoor. As in the earlier CanisterWorm activity, the backdoor looks for npm and PyPI packages the victim maintains and infects them, so the malware spreads through the developer’s own publishing pipeline.
Separately, researchers found that attackers had inserted malicious code into xinference, a popular AI model serving framework. When the package is executed, that code harvests cloud provider credentials (AWS, Google Cloud, Azure), SSH keys and Kubernetes secrets from the host environment.
The malware in both cases prints a message claiming “hacked by TeamPCP”, but TeamPCP, who are active on X, say the attack was not theirs.
What you need to know
Any software that loads a compromised version of these packages will execute the malicious code. Both pieces of malware attempt to steal credentials and exfiltrate them to the attacker; CanisterWorm goes further, using stolen developer credentials to modify the victim’s own packages and publish malicious updates, which is how it propagates.
What to do
We recommend the following:
- Credential rotation: If any suspicious package was installed on a system, immediately rotate every credential it could have read: environment variables, cloud provider (AWS/Azure/GCP) access keys, SSH keys and Kubernetes secrets. Rotate from a machine you trust, not from the affected host.
- Disable scripts: Disable post-install scripts by default with `npm config set ignore-scripts true`. Note that this also blocks legitimate install scripts (for example native-module builds), so packages that genuinely need them must be installed explicitly with scripts re-enabled after review.
- Pin dependencies: Audit package-lock.json and requirements.txt to ensure versions are pinned to known-safe releases, and check those files for unauthorized changes (new packages, changed versions, missing `integrity` fields). Install with `npm ci` rather than `npm install` so the lockfile is honored exactly.
- Environment sanitization: Clear the local npm cache (`npm cache clean --force`), delete node_modules, and re-install dependencies from a clean state.
IOCs
whereisitat[.]lucyatemysuperbox[.]space
telemetry.api-monitor[.]com
cjn37-uyaaa-aaaac-qgnva-cai.raw.icp0[.]io
c19c4574d09e60636425f9555d3b63e8cb5c9d63ceb1c982c35e5a310c97a839
834b6e5db5710b9308d0598978a0148a9dc832361f1fa0b7ad4343dcceba2812
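The following script is an added example, not tooling from the advisory or from either affected project. It puts the steps under “What to do” together with the IOC list above: it scans a project tree for files that reference one of the IOC domains (the defanging brackets are removed in the script) or whose SHA-256 matches one of the IOC hashes, lists requirements.txt entries that are not pinned with `==`, and reinstalls npm dependencies from the lockfile with install scripts disabled. It assumes a POSIX shell with grep, find, awk and sha256sum, and npm on PATH for the reinstall step; the function and variable names are the example's own.

```shell
#!/bin/sh
# Added example (not part of the advisory): scan a project for the advisory's IOCs,
# flag unpinned Python requirements, and reinstall npm dependencies with scripts off.

# IOC domains and SHA-256 hashes copied from the advisory, with [.] defanging removed.
IOC_DOMAINS='whereisitat.lucyatemysuperbox.space
telemetry.api-monitor.com
cjn37-uyaaa-aaaac-qgnva-cai.raw.icp0.io'

IOC_SHA256='c19c4574d09e60636425f9555d3b63e8cb5c9d63ceb1c982c35e5a310c97a839
834b6e5db5710b9308d0598978a0148a9dc832361f1fa0b7ad4343dcceba2812'

# scan_for_iocs DIR: print every file under DIR (lockfiles, node_modules, site-packages,
# anything) that mentions an IOC domain or whose SHA-256 equals an IOC hash.
# Returns 0 when nothing was found and 1 on any hit.
scan_for_iocs() {
  dir="$1"
  set --                                           # build "-e <domain>" arguments for grep
  for d in $IOC_DOMAINS; do set -- "$@" -e "$d"; done
  domain_hits=$(grep -rlF "$@" "$dir" 2>/dev/null || true)
  # sha256sum prints "<64 hex chars><two spaces><path>", so the path starts at column 67.
  hash_hits=$(find "$dir" -type f -exec sha256sum {} + 2>/dev/null |
    awk -v list="$IOC_SHA256" '
      BEGIN { n = split(list, a, "\n"); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
      ($1 in bad) { print substr($0, 67) " (sha256 " $1 ")" }')
  if [ -n "$domain_hits" ]; then printf 'IOC domain referenced in:\n%s\n' "$domain_hits"; fi
  if [ -n "$hash_hits" ]; then printf 'IOC hash match:\n%s\n' "$hash_hits"; fi
  [ -z "$domain_hits$hash_hits" ]
}

# list_unpinned_requirements FILE: print requirement lines that are not pinned to an exact
# version with '=='. Comments, blank lines and option lines (-r, -c, --hash ...) are skipped;
# '>=', '~=' and bare names are all reported because they allow a newer, possibly bad, release.
list_unpinned_requirements() {
  grep -vE '^[[:space:]]*(#|-|$)' "$1" | grep -vF '==' || true
}

# reinstall_clean DIR: disable install scripts for this user, drop the npm cache and the
# project's node_modules, and reinstall strictly from package-lock.json. npm ci exits with
# an error if the lockfile and package.json disagree, which is what we want after an audit.
reinstall_clean() {
  dir="$1"
  npm config set ignore-scripts true
  npm cache clean --force
  rm -rf "$dir/node_modules"
  (cd "$dir" && npm ci --ignore-scripts)
}

# Command-line use: sh scan_iocs.sh <project-dir>
# With no argument the file only defines the functions so it can be sourced.
if [ "$#" -gt 0 ]; then
  scan_for_iocs "$1" || { echo "IOC hit in $1: rotate credentials before reinstalling"; exit 2; }
  echo "no IOCs found in $1"
  if [ -f "$1/requirements.txt" ]; then
    echo "unpinned requirements (pin these to known-safe versions):"
    list_unpinned_requirements "$1/requirements.txt"
  fi
fi
```

Run `scan_for_iocs` first and treat any hit as confirmed compromise: rotate credentials from a trusted machine before `reinstall_clean`, since a reinstall on a host whose keys are already stolen buys nothing. The hash check only catches the exact artifacts listed above, so a clean result is not proof of absence; the domain check is the broader of the two because it also catches lockfile entries and cached tarballs that reference the infrastructure.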