First-Ever Blockchain C2 Worm Spreads Across npm Ecosystem
A previously undocumented self-propagating malware called CanisterWorm has compromised 47 npm packages, marking the first publicly documented abuse of Internet Computer Protocol (ICP) smart contracts as a command-and-control dead drop resolver. The worm emerged as a follow-on attack from the Trivy security scanner supply chain breach.
| Attribute | Value |
|---|---|
| Malware Name | CanisterWorm |
| Type | Self-propagating supply chain worm |
| Packages Compromised | 47 npm packages |
| C2 Infrastructure | ICP canister (blockchain smart contract) |
| Attribution | TeamPCP (cloud-focused cybercriminal group) |
| Persistence | systemd service on Linux hosts |
| Propagation | Steals npm tokens → publishes to new packages |
| Origin | Trivy scanner GitHub Actions breach |
How CanisterWorm Propagates
The worm's self-spreading mechanism was first detected in @teale.io/eslint-config versions 1.8.11 and 1.8.12:
- Postinstall Hook — When a developer installs a compromised package, the `postinstall` script triggers `index.js`
- Token Harvesting — A `findNpmTokens()` function scans the victim's machine for npm authentication tokens (`.npmrc` files)
- Package Infection — Using stolen tokens, the worm publishes backdoored versions of packages the developer has write access to
- Downstream Spread — Anyone installing those newly infected packages repeats the cycle
The Blockchain C2 Innovation
What makes CanisterWorm novel is its use of ICP canisters — tamperproof smart contracts on the Internet Computer blockchain — as a dead drop resolver for its command-and-control server:
- The C2 address is stored in an immutable blockchain contract
- Traditional takedown requests to hosting providers are ineffective
- The canister acts as a redirect layer, pointing to the actual C2 infrastructure
- Operators can update the C2 address via the blockchain without modifying any malware code
Persistence Mechanism
Once installed on a development machine, CanisterWorm establishes persistence through a systemd service that survives reboots and continues to:
- Monitor for new npm tokens
- Exfiltrate environment variables and credentials
- Maintain a reverse shell to the C2 server
| Impact Area | Description |
|---|---|
| Developer Machines | Persistent backdoor with credential theft |
| npm Ecosystem | 47 packages compromised, hundreds of thousands of potential downstream installations |
| CI/CD Pipelines | Stolen tokens enable supply chain attacks at scale |
| Takedown Resistance | Blockchain C2 cannot be disrupted through conventional means |
| Attribution | TeamPCP cloud crime group, linked to broader Trivy campaign |
Recommendations
For Developers
- Audit your npm tokens — revoke and rotate all tokens immediately if you installed any suspicious packages
- Check `.npmrc` files for unexpected modifications
- Review `postinstall` scripts in dependencies before installing
- Use `npm audit` and lockfile-only installs in CI/CD
For Organizations
- Pin dependency versions and use lockfiles
- Implement allow-listing for npm package installations
- Monitor for unexpected npm publish events from developer accounts
- Scan for systemd services created by non-system processes
Key Takeaways
- CanisterWorm is the first malware to use blockchain smart contracts as a C2 channel, creating infrastructure that cannot be taken down through traditional means
- Self-propagation via stolen npm tokens means the worm spreads without human intervention
- 47 packages confirmed compromised with potentially hundreds of thousands of downstream installations affected
- TeamPCP is suspected as the threat actor, linking this to the broader Trivy supply chain compromise
- The postinstall hook attack vector remains one of the most dangerous aspects of the npm ecosystem
- Developers should immediately rotate npm tokens and audit their published packages for unauthorized versions