Perceptive Security
SOC/SIEM Consultancy

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens
Published:
22 April 2026 at 17:33:00
Alert date:
22 April 2026 at 18:02:07
Source:
thehackernews.com
Supply Chain & Dependencies, Ransomware & Malware, Data Breach & Exfiltration
A self-propagating supply chain worm called CanisterSprawl has been discovered targeting npm packages to steal developer tokens. The worm spreads through compromised npm packages and uses stolen developer tokens for propagation. It exfiltrates stolen data through an ICP canister infrastructure. The campaign has been detected and tracked by both Socket and StepSecurity security researchers. This represents an active supply chain attack against JavaScript developers using npm packages.
Technical details
A self-propagating supply chain worm named CanisterSprawl spreads through stolen developer npm tokens. The malware is triggered during install time via a postinstall hook to steal credentials and secrets from developer environments, then leverages stolen npm tokens to push poisoned versions of packages to the registry with new malicious postinstall hooks. The worm also contains PyPI propagation logic, generating Python .pth-based payloads and uploading malicious Python packages with Twine if credentials are present. Data is exfiltrated to HTTPS webhooks and ICP canisters. Related attacks include compromised xinference Python package versions, malicious Kubernetes utility packages that install Go-based binaries for proxy services, and AI-powered campaigns exploiting GitHub Actions pull_request_target workflow triggers.
Mitigation steps:
Monitor for suspicious postinstall hooks in npm packages.
Implement contributor approval requirements for CI/CD workflows.
Monitor for unusual credential access patterns.
Review and audit installed packages for the affected versions listed under Affected products.
Implement network monitoring for the identified exfiltration domains.
Secure npm tokens and other developer credentials.
Enable monitoring for unauthorized package publishing activities.
Affected products:
@automagik/genie (4.260421.33 - 4.260421.40)
@fairwords/loopback-connector-es (1.4.3 - 1.4.4)
@fairwords/websocket (1.0.38 - 1.0.39)
@openwebconcept/design-tokens (1.0.1 - 1.0.3)
@openwebconcept/theme-owc (1.0.1 - 1.0.3)
pgserve (1.1.11 - 1.1.14)
xinference (2.6.0, 2.6.1, 2.6.2)
kube-health-tools (npm)
kube-node-health (PyPI)
sbxapps
asurion-hub-web
soluto-home-web
asurion-core
Related links:
https://socket.dev/blog/namastex-npm-packages-compromised-canisterworm
https://www.stepsecurity.io/blog/pgserve-compromised-on-npm-malicious-versions-harvest-credentials
https://socket.dev/supply-chain-attacks/canistersprawl
https://dashboard.internetcomputer.org/canister/cjn37-uyaaa-aaaac-qgnva-cai
https://thehackernews.com/2026/03/trivy-supply-chain-attack-triggers-self.html
https://research.jfrog.com/post/xinference-compromise/
https://x.com/pcpcats/status/2046927940932260092
https://www.aikido.dev/blog/gpt-proxy-backdoor-npm-pypi-chinese-llm-relay
https://panther.com/blog/false-claims-an-npm-supply-chain-campaign-impersonates-asurion
https://www.wiz.io/blog/six-accounts-one-actor-inside-the-prt-scan-supply-chain-campaign
https://thehackernews.com/2025/04/spotbugs-access-token-theft-identified.html
https://thehackernews.com/2026/03/five-malicious-rust-crates-and-ai-bot.html
Related CVEs:
Related threat actors:
IOCs:
telemetry.api-monitor[.]com, cjn37-uyaaa-aaaac-qgnva-cai.raw.icp0[.]io, pbyi76s0e9.execute-api.us-east-1.amazonaws[.]com, cjn37-uyaaa-aaaac-qgnva-cai
This article was created with the assistance of AI technology by Perceptive.
