{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/actors/teampcp/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":["TeamPCP"],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["@bitwarden/cli (2026.4.0)","@cap-js/sqlite (2.2.2)","@cap-js/postgres (2.2.2)","@cap-js/db-service (2.10.1)","mbt (1.2.48)","SAP Cloud Application Programming (CAP) Model","checkmarx/kics"],"_cs_severities":["high"],"_cs_tags":["npm","supply-chain","credential-theft","github"],"_cs_type":"threat","_cs_vendors":["npm","GitHub","SAP","Bitwarden","Checkmarx","Microsoft"],"content_html":"\u003cp\u003eThe npm ecosystem is experiencing a surge in sophisticated supply chain attacks following the Shai-Hulud worm in September 2025. Attackers, including TeamPCP, are actively compromising npm packages to gain access to sensitive information and establish persistence within CI/CD pipelines. The attacks have evolved to include wormable propagation, infrastructure-level persistence, and multi-stage payloads designed to evade detection. In April 2026, two campaigns were observed: one included the string \u0026ldquo;Shai-Hulud: The Third Coming,\u0026rdquo; and the other, dubbed \u0026ldquo;Mini Shai-Hulud,\u0026rdquo; targeted the SAP developer ecosystem. The compromised packages are often part of SAP\u0026rsquo;s Cloud Application Programming (CAP) Model and multitarget application (MTA) build toolchain, increasing the likelihood of impacting enterprise developers and CI/CD pipelines with access to cloud credentials and GitHub tokens.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eInitial Compromise: Attackers compromise legitimate npm packages, such as @cap-js/sqlite, @cap-js/postgres, @cap-js/db-service, and mbt, by injecting malicious code.\u003c/li\u003e\n\u003cli\u003eMalicious Code Injection: Compromised packages receive two new files: setup.mjs and execution.js, along with a modified package.json containing a \u0026ldquo;preinstall\u0026rdquo; hook.\u003c/li\u003e\n\u003cli\u003eExecution of setup.mjs: During the \u003ccode\u003enpm install\u003c/code\u003e process, the preinstall hook executes setup.mjs, which detects the host OS and architecture.\u003c/li\u003e\n\u003cli\u003eBun Runtime Download and Execution: setup.mjs downloads the Bun JavaScript runtime (v1.3.13) from GitHub releases and extracts it to a temporary directory.\u003c/li\u003e\n\u003cli\u003eExecution of execution.js: The Bun runtime executes execution.js, a large (11.7 MB) obfuscated credential stealer and propagation framework.\u003c/li\u003e\n\u003cli\u003eCredential Harvesting: execution.js harvests GitHub tokens, npm tokens, environment variables, GitHub Actions secrets, AWS STS identity, Azure Key Vault secrets, GCP Secret Manager values, and Kubernetes service account tokens. It also targets Claude and MCP configuration files and Electrum wallets.\u003c/li\u003e\n\u003cli\u003eData Exfiltration: The collected data is compressed, encrypted, and exfiltrated to freshly created public GitHub repositories with randomized names and descriptions.\u003c/li\u003e\n\u003cli\u003ePropagation: The malware searches for commits containing the keyword \u0026ldquo;OhNoWhatsGoingOnWithGitHub,\u0026rdquo; decodes matching commit messages as a token dead-drop, recovers stolen GitHub tokens, and uses them to spread the malware to other packages.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eCompromised npm packages can lead to the theft of sensitive credentials, including cloud provider credentials, GitHub tokens, and CI/CD secrets. Successful attacks can result in unauthorized access to cloud infrastructure, code repositories, and deployment pipelines. The Mini Shai-Hulud campaign targeted packages with approximately 570,000 weekly downloads, potentially impacting a large number of SAP developers and enterprise environments. The attackers use stolen credentials to further propagate the malware, increasing the scale and scope of the compromise.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRotate npm tokens and GitHub Personal Access Tokens (PATs) immediately if any affected packages were installed (refer to the list of affected packages in the IOC table).\u003c/li\u003e\n\u003cli\u003eMonitor npm install processes for unexpected execution of \u003ccode\u003enode setup.mjs\u003c/code\u003e (see Attack Chain).\u003c/li\u003e\n\u003cli\u003eImplement the Sigma rule \u0026ldquo;Detect Suspicious Bun Process Execution\u0026rdquo; to identify potential execution of the Bun runtime from temporary directories.\u003c/li\u003e\n\u003cli\u003eMonitor network connections for unusual processes connecting to \u003ccode\u003eapi.github[.]com/search/commits?q=OhNoWhatsGoingOnWithGitHub\u003c/code\u003e (see IOCs) to detect potential C2 activity.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Github Commit By Claude Email\u0026rdquo; to identify commits authored with the email \u003ccode\u003eclaude@users.noreply.github.com\u003c/code\u003e to detect malicious commits.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-02T00:10:33Z","date_published":"2026-05-02T00:10:33Z","id":"/briefs/2026-05-npm-supply-chain/","summary":"Threat actors are compromising npm packages, including those targeting SAP developers, to steal credentials, embed themselves in CI/CD pipelines, and deploy multi-stage payloads using techniques like wormable propagation and covert C2 channels on GitHub.","title":"Increased npm Supply Chain Attacks Targeting SAP Developers","url":"https://feed.craftedsignal.io/briefs/2026-05-npm-supply-chain/"},{"_cs_actors":["TeamPCP"],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["Cloud Application Programming (CAP)","Cloud MTA Build Tool","@cap-js/db-service","@cap-js/postgres","@cap-js/sqlite","github.com"],"_cs_severities":["critical"],"_cs_tags":["supply-chain","npm","sap","credential-theft"],"_cs_type":"threat","_cs_vendors":["SAP","GitHub"],"content_html":"\u003cp\u003eThe Mini Shai-Hulud campaign, active as of April 2026, targets SAP NPM packages used in the SAP Cloud Application Programming (CAP) ecosystem and SAP cloud deployment workflows. Four package versions were compromised: \u003ccode\u003embt 1.2.48\u003c/code\u003e, \u003ccode\u003e@cap-js/db-service 2.10.1\u003c/code\u003e, \u003ccode\u003e@cap-js/postgres 2.2.2\u003c/code\u003e, and \u003ccode\u003e@cap-js/sqlite 2.2.2\u003c/code\u003e. These packages, with over 500,000 combined weekly downloads, are essential for SAP\u0026rsquo;s Cloud MTA Build Tool and database services for CAP software. The attackers injected a preinstall script that fetches and executes a Bun binary, bypassing security monitoring. The malicious versions were available for a short window of 2-4 hours before being unpublished and superseded by clean versions. Wiz attributes this activity to TeamPCP due to a shared RSA public key used to encrypt the exfiltrated secrets.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker compromises an NPM token, possibly exposed through CircleCI.\u003c/li\u003e\n\u003cli\u003eThe attacker injects a malicious \u003ccode\u003epreinstall\u003c/code\u003e script into the targeted SAP NPM packages (\u003ccode\u003embt\u003c/code\u003e, \u003ccode\u003e@cap-js/db-service\u003c/code\u003e, \u003ccode\u003e@cap-js/postgres\u003c/code\u003e, \u003ccode\u003e@cap-js/sqlite\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eWhen a user installs the compromised package, the \u003ccode\u003epreinstall\u003c/code\u003e script executes.\u003c/li\u003e\n\u003cli\u003eThe script fetches a Bun ZIP archive from a GitHub repository.\u003c/li\u003e\n\u003cli\u003eThe script extracts the Bun archive and executes the included Bun binary.\u003c/li\u003e\n\u003cli\u003eThe Bun binary steals local credentials, GitHub and NPM tokens, AWS, Azure, GCP, GitHub Action, and Kubernetes secrets.\u003c/li\u003e\n\u003cli\u003eThe stolen data is exfiltrated to public GitHub repositories with the description \u0026ldquo;A Mini Shai-Hulud has Appeared\u0026rdquo;.\u003c/li\u003e\n\u003cli\u003eThe malware propagates by modifying package tarballs, updating versions, repackaging them, and publishing them using stolen GitHub Actions tokens.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe Mini Shai-Hulud attack poses a significant threat to developers and organizations using SAP CAP, a framework for S/4HANA extensions, Fiori app backends, MTAs, and integration flows. With over 500,000 weekly downloads of the affected packages, a large number of systems could have been affected. Successful exploitation allows attackers to steal sensitive credentials and cloud secrets, potentially leading to unauthorized access to critical SAP systems, cloud infrastructure, and source code repositories. This access could be used for further malicious activities, including data breaches, financial fraud, and supply chain compromise.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eOrganizations using SAP Business Technology Platform workflows, SAP CAP, or MTA-based deployment pipelines should immediately check if they installed the malicious package versions (\u003ccode\u003embt 1.2.48\u003c/code\u003e, \u003ccode\u003e@cap-js/db-service 2.10.1\u003c/code\u003e, \u003ccode\u003e@cap-js/postgres 2.2.2\u003c/code\u003e, \u003ccode\u003e@cap-js/sqlite 2.2.2\u003c/code\u003e) during the exposure window.\u003c/li\u003e\n\u003cli\u003eImplement network monitoring rules to detect connections to unusual GitHub repositories created to host stolen data. Monitor for repositories with the description \u0026ldquo;A Mini Shai-Hulud has Appeared\u0026rdquo;.\u003c/li\u003e\n\u003cli\u003eMonitor process execution for the execution of \u003ccode\u003ebun\u003c/code\u003e binaries in unusual or unexpected locations to identify systems where compromised packages were installed. Deploy the Sigma rule \u003ccode\u003eDetect Bun Execution From NPM Package\u003c/code\u003e to detect this behavior.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-30T14:27:36Z","date_published":"2026-04-30T14:27:36Z","id":"/briefs/2026-04-mini-shai-hulud/","summary":"The Mini Shai-Hulud campaign injected malicious code into SAP NPM packages, targeting credentials and cloud secrets related to SAP Cloud Application Programming (CAP) and SAP cloud deployment workflows, exfiltrating data through public GitHub repositories.","title":"Mini Shai-Hulud Supply Chain Attack Targets SAP NPM Packages","url":"https://feed.craftedsignal.io/briefs/2026-04-mini-shai-hulud/"},{"_cs_actors":["TeamPCP"],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["Cloud Application Programming Model (CAP)","Cloud MTA"],"_cs_severities":["critical"],"_cs_tags":["supply-chain","credential-theft","npm"],"_cs_type":"threat","_cs_vendors":["SAP"],"content_html":"\u003cp\u003eOn April 29, 2026, security researchers discovered that multiple official SAP npm packages were compromised in a supply-chain attack, suspected to be carried out by TeamPCP. The compromised packages, including \u003ccode\u003e@cap-js/sqlite\u003c/code\u003e (v2.2.2), \u003ccode\u003e@cap-js/postgres\u003c/code\u003e (v2.2.2), \u003ccode\u003e@cap-js/db-service\u003c/code\u003e (v2.10.1), and \u003ccode\u003embt\u003c/code\u003e (v1.2.48), support SAP\u0026rsquo;s Cloud Application Programming Model (CAP) and Cloud MTA, commonly used in enterprise development. The attack involves injecting a malicious \u0026lsquo;preinstall\u0026rsquo; script into these packages, which executes automatically during installation. This script downloads and executes a heavily obfuscated JavaScript payload designed to steal sensitive credentials from developer machines and CI/CD environments. This incident highlights the ongoing risk of supply chain attacks targeting widely used development tools.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eInitial Compromise:\u003c/strong\u003e Threat actors compromise official SAP npm packages (\u003ccode\u003e@cap-js/sqlite\u003c/code\u003e, \u003ccode\u003e@cap-js/postgres\u003c/code\u003e, \u003ccode\u003e@cap-js/db-service\u003c/code\u003e, \u003ccode\u003embt\u003c/code\u003e). The exact method of initial compromise is currently unknown, but a misconfigured CircleCI job is suspected.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePackage Modification:\u003c/strong\u003e The compromised npm packages are modified to include a malicious \u0026lsquo;preinstall\u0026rsquo; script.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eInstallation Trigger:\u003c/strong\u003e When developers install the compromised packages using \u003ccode\u003enpm install\u003c/code\u003e, the \u0026lsquo;preinstall\u0026rsquo; script executes automatically.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePayload Download:\u003c/strong\u003e The \u0026lsquo;preinstall\u0026rsquo; script launches a loader named \u003ccode\u003esetup.mjs\u003c/code\u003e that downloads the Bun JavaScript runtime from GitHub.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eExecution of Information Stealer:\u003c/strong\u003e The Bun runtime is used to execute a heavily obfuscated \u003ccode\u003eexecution.js\u003c/code\u003e payload, which acts as an information stealer.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCredential Theft:\u003c/strong\u003e The information stealer targets a wide variety of credentials, including npm and GitHub authentication tokens, SSH keys, cloud credentials for AWS, Azure, and Google Cloud, Kubernetes configurations and secrets, and CI/CD pipeline secrets and environment variables.  It also attempts to extract secrets directly from the CI runner\u0026rsquo;s memory by scanning \u003ccode\u003e/proc/\u0026lt;pid\u0026gt;/maps\u003c/code\u003e and \u003ccode\u003e/proc/\u0026lt;pid\u0026gt;/mem\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eData Exfiltration:\u003c/strong\u003e The stolen data is encrypted and uploaded to public GitHub repositories under the victim\u0026rsquo;s account. These repositories include the description \u0026ldquo;A Mini Shai-Hulud has Appeared\u0026rdquo;.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eLateral Movement:\u003c/strong\u003e The malware searches GitHub commits for the string \u003ccode\u003eOhNoWhatsGoingOnWithGitHub:\u0026lt;base64\u0026gt;\u003c/code\u003e, decoding matching commit messages into GitHub tokens to gain further access and propagate to other packages and repositories, injecting the same malicious code.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThis supply chain attack can lead to the theft of sensitive credentials, allowing attackers to gain unauthorized access to internal systems, cloud infrastructure, and source code repositories. The compromised credentials and secrets can be used for lateral movement within the victim\u0026rsquo;s network, data exfiltration, and further supply chain attacks. The use of stolen credentials to modify other packages increases the scope of the attack, potentially impacting a large number of developers and organizations using the compromised SAP packages.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor npm package installations for the presence of \u003ccode\u003epreinstall\u003c/code\u003e scripts executing unusual processes, such as the execution of \u003ccode\u003esetup.mjs\u003c/code\u003e or the download of the Bun JavaScript runtime from GitHub; implement the \u003ccode\u003eDetect Suspicious NPM Package Preinstall Script\u003c/code\u003e Sigma rule.\u003c/li\u003e\n\u003cli\u003eImplement the \u003ccode\u003eDetect GitHub Repository Creation with \u0026quot;A Mini Shai-Hulud has Appeared\u0026quot; Description\u003c/code\u003e Sigma rule to detect exfiltration attempts via public GitHub repositories.\u003c/li\u003e\n\u003cli\u003eAudit CI/CD pipeline configurations and restrict access to sensitive credentials and secrets to prevent exposure via misconfigured jobs; remediate the reported CircleCI misconfiguration.\u003c/li\u003e\n\u003cli\u003eMonitor process memory for credential harvesting activity targeting Runner processes in CI/CD environments, specifically looking for reads of \u003ccode\u003e/proc/\u0026lt;pid\u0026gt;/maps\u003c/code\u003e and \u003ccode\u003e/proc/\u0026lt;pid\u0026gt;/mem\u003c/code\u003e as outlined in the overview.\u003c/li\u003e\n\u003cli\u003eDeprecate and remove the compromised packages \u003ccode\u003e@cap-js/sqlite\u003c/code\u003e (v2.2.2), \u003ccode\u003e@cap-js/postgres\u003c/code\u003e (v2.2.2), \u003ccode\u003e@cap-js/db-service\u003c/code\u003e (v2.10.1), and \u003ccode\u003embt\u003c/code\u003e (v1.2.48) from your development and CI/CD environments.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-29T22:43:44Z","date_published":"2026-04-29T22:43:44Z","id":"/briefs/2026-04-sap-npm-compromise/","summary":"Multiple official SAP npm packages were compromised via a supply chain attack, likely by TeamPCP, to steal credentials and authentication tokens from developers' systems.","title":"Compromised SAP npm Packages Steal Developer Credentials","url":"https://feed.craftedsignal.io/briefs/2026-04-sap-npm-compromise/"},{"_cs_actors":["TeamPCP"],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["supply-chain","software-compromise","github"],"_cs_type":"threat","_cs_vendors":[],"content_html":"\u003cp\u003eIn early 2026, a surge in supply chain attacks has been observed, impacting widely used open-source libraries and tools. Notably, Axios, a popular HTTP client library for JavaScript with 100 million weekly downloads, was maliciously modified. Additionally, the \u0026ldquo;chaos-as-a-service\u0026rdquo; group TeamPCP injected malicious code into hijacked GitHub repositories for open-source projects, including Trivy, a security scanner. The Talos 2025 Year in Review indicated that nearly 25% of the top 100 targeted vulnerabilities affected widely used frameworks and libraries. React2Shell became the top-targeted vulnerability of 2025. These incidents highlight the fragility of the software supply chain and the potential for widespread downstream impact, affecting numerous organizations relying on these compromised components. Defenders face the challenge of identifying and remediating deeply integrated malicious code within their environments.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eInitial Compromise:\u003c/strong\u003e TeamPCP compromises GitHub repositories of open-source projects like Trivy.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCode Injection:\u003c/strong\u003e Malicious code is injected into the project\u0026rsquo;s codebase within the compromised GitHub repository.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePackage Build and Distribution:\u003c/strong\u003e The compromised code is included in a new version of the software package during the build process.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDistribution via Package Managers:\u003c/strong\u003e The malicious package is distributed through package managers like npm, becoming available for download by developers.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDownstream Consumption:\u003c/strong\u003e Developers unknowingly download and integrate the compromised package into their applications.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eExecution in Downstream Environments:\u003c/strong\u003e The malicious code executes within the developers\u0026rsquo; applications and environments.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eLateral Movement/Data Exfiltration/Ransomware:\u003c/strong\u003e The injected code performs malicious actions such as data exfiltration or establishing a reverse shell for lateral movement.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eImpact:\u003c/strong\u003e The attacker achieves their objectives, such as data theft, system compromise, or ransomware deployment across numerous downstream victims.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe compromise of widely used libraries and frameworks like Axios and Trivy can have a vast impact, potentially affecting millions of users and organizations. The Axios library alone receives 100 million downloads weekly. The successful exploitation of the React2Shell vulnerability demonstrates the speed at which these attacks can reach massive scale. The resulting damage can range from data breaches and system compromise to ransomware deployment, affecting organizations across various sectors. The integration of these utilities often makes full cataloging and remediation challenging, leading to prolonged exposure and increased risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSecure CI/CD pipelines to prevent compromises from occurring, addressing the attack vector used by TeamPCP.\u003c/li\u003e\n\u003cli\u003eImplement robust logging to monitor for suspicious activity related to compromised packages and aid in incident response.\u003c/li\u003e\n\u003cli\u003eOrganizations must inventory the software libraries and frameworks they employ and rapidly implement patching and other mitigations when security incidents are reported.\u003c/li\u003e\n\u003cli\u003eImplement robust multi-factor authentication (MFA) to protect developer accounts on platforms like GitHub.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-03T17:31:42Z","date_published":"2026-04-03T17:31:42Z","id":"/briefs/2026-04-supply-chain-attacks/","summary":"Multiple supply chain attacks, including the compromise of Axios and Trivy via hijacked GitHub repositories by TeamPCP, demonstrate the increasing threat to open-source software.","title":"Rise in Software Supply Chain Attacks Targeting Open-Source Libraries","url":"https://feed.craftedsignal.io/briefs/2026-04-supply-chain-attacks/"},{"_cs_actors":["TeamPCP"],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["supply-chain","pypi","credential-theft","teampcp"],"_cs_type":"threat","_cs_vendors":[],"content_html":"\u003cp\u003eOn March 27, 2026, the \u003ccode\u003etelnyx\u003c/code\u003e Python package on PyPI was compromised by TeamPCP, resulting in the distribution of malicious versions 4.87.1 and 4.87.2. The attacker, having gained unauthorized access to PyPI credentials, bypassed the legitimate GitHub release pipeline to upload these compromised packages directly. These versions contain malware designed to harvest sensitive credentials from infected systems and exfiltrate them to a command-and-control (C2) server. The malicious packages were available for approximately 6 hours before being quarantined by PyPI. Version 4.87.1 contained a typo preventing execution, making 4.87.2 the fully functional malicious version. This incident highlights the risk of supply chain attacks targeting open-source package repositories, potentially affecting any system that installed the \u003ccode\u003etelnyx\u003c/code\u003e package during the exposure window.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker gains unauthorized access to PyPI credentials for the \u003ccode\u003etelnyx\u003c/code\u003e package.\u003c/li\u003e\n\u003cli\u003eThe attacker uploads malicious versions 4.87.1 and 4.87.2 of the \u003ccode\u003etelnyx\u003c/code\u003e package to PyPI, bypassing the legitimate GitHub repository.\u003c/li\u003e\n\u003cli\u003eWhen a user installs or upgrades to the malicious \u003ccode\u003etelnyx\u003c/code\u003e package, the injected malware within \u003ccode\u003etelnyx/_client.py\u003c/code\u003e executes upon importing the library (\u003ccode\u003eimport telnyx\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eOn Linux/macOS systems, the malware spawns a detached subprocess to ensure persistence and downloads a payload hidden inside a WAV audio file (\u003ccode\u003eringtone.wav\u003c/code\u003e) from the C2 server at \u003ccode\u003ehttp://83.142.209.203:8080/\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe downloaded payload harvests sensitive credentials, including SSH keys, AWS/GCP/Azure credentials, Kubernetes tokens, Docker configurations, .env files, database credentials, and crypto wallets.\u003c/li\u003e\n\u003cli\u003eIf Kubernetes access is detected, the malware deploys privileged pods to all nodes for lateral movement within the Kubernetes cluster.\u003c/li\u003e\n\u003cli\u003eThe collected data is encrypted using AES-256-CBC and RSA-4096, then exfiltrated to the C2 server, identified by the header \u003ccode\u003eX-Filename: tpcp.tar.gz\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eOn Windows, a binary payload hidden in \u003ccode\u003ehangup.wav\u003c/code\u003e is downloaded from \u003ccode\u003ehttp://83.142.209.203:8080/\u003c/code\u003e, dropped as \u003ccode\u003emsbuild.exe\u003c/code\u003e in the Startup folder for persistence, and executed with a hidden window, polling the endpoint \u003ccode\u003ehttp://83.142.209.203:8080/raw\u003c/code\u003e.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe compromise of the \u003ccode\u003etelnyx\u003c/code\u003e PyPI package poses a significant risk to developers and organizations that use the library.  Successful exploitation leads to the theft of sensitive credentials, potentially granting the attacker unauthorized access to critical infrastructure, cloud resources, and sensitive data. TeamPCP\u0026rsquo;s previous campaign against LiteLLM and the similarities in this attack suggest a pattern of targeting open-source projects to infiltrate developer environments and steal secrets.  The impact includes potential data breaches, financial losses, and reputational damage. The exposure window was approximately 6 hours during which vulnerable versions were available.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately check for the presence of malicious \u003ccode\u003etelnyx\u003c/code\u003e package versions (4.87.1 or 4.87.2) in your environment using the provided commands and uninstall them (\u003ccode\u003epip uninstall telnyx\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eDue to the credential-stealing nature of the malware, rotate all potentially exposed secrets, including SSH keys, cloud provider credentials (AWS, GCP, Azure), Kubernetes tokens, Docker registry credentials, database passwords, API keys in .env files, and Telnyx API keys.\u003c/li\u003e\n\u003cli\u003eCheck for persistence mechanisms used by the malware, specifically the \u003ccode\u003eaudiomon\u003c/code\u003e service and associated files on Linux/macOS, and the \u003ccode\u003emsbuild.exe\u003c/code\u003e executable in the Startup folder on Windows, based on the file paths provided in the \u0026ldquo;Filesystem\u0026rdquo; section.\u003c/li\u003e\n\u003cli\u003eBlock the identified C2 IP address (\u003ccode\u003e83.142.209.203\u003c/code\u003e) and payload URLs (\u003ccode\u003ehttp://83.142.209.203:8080/ringtone.wav\u003c/code\u003e, \u003ccode\u003ehttp://83.142.209.203:8080/hangup.wav\u003c/code\u003e, \u003ccode\u003ehttp://83.142.209.203:8080/raw\u003c/code\u003e) at your network perimeter.\u003c/li\u003e\n\u003cli\u003eDeploy the following Sigma rule to detect the creation of \u003ccode\u003emsbuild.exe\u003c/code\u003e in the Startup folder.\u003c/li\u003e\n\u003cli\u003ePin the \u003ccode\u003etelnyx\u003c/code\u003e package to the safe version 4.87.0 in your project dependencies to prevent future installations of compromised versions.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-30T19:15:30Z","date_published":"2026-03-30T19:15:30Z","id":"/briefs/2026-03-telnyx-pypi-compromise/","summary":"A threat actor compromised the PyPI package `telnyx`, uploading malicious versions 4.87.1 and 4.87.2 containing credential-stealing malware that exfiltrates data to a C2 server.","title":"Compromised Telnyx PyPI Package Distributes Credential-Stealing Malware","url":"https://feed.craftedsignal.io/briefs/2026-03-telnyx-pypi-compromise/"},{"_cs_actors":["TeamPCP"],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["supply chain attack","pypi","credential theft","steganography"],"_cs_type":"threat","_cs_vendors":[],"content_html":"\u003cp\u003eOn March 27, 2026, the Telnyx package on the Python Package Index (PyPI) was compromised by the threat actor TeamPCP. Malicious versions 4.87.1 and 4.87.2 were uploaded, containing credential-stealing malware concealed within WAV audio files. This supply-chain attack targeted developers using the Telnyx Python SDK, a popular package with over 740,000 monthly downloads, used for integrating communication services into applications. The malicious code resides in the \u003ccode\u003etelnyx/_client.py\u003c/code\u003e file and executes upon import. The compromise is believed to have originated from stolen credentials for the publishing account on the PyPI registry. TeamPCP has been linked to previous supply-chain attacks and wiper campaigns against Iranian systems, highlighting the group\u0026rsquo;s focus on disrupting software development and infrastructure.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eTeamPCP gains unauthorized access to the Telnyx PyPI account, likely through credential theft.\u003c/li\u003e\n\u003cli\u003eMalicious versions 4.87.1 and 4.87.2 of the Telnyx package are published to PyPI.\u003c/li\u003e\n\u003cli\u003eWhen a developer installs the compromised Telnyx package, the \u003ccode\u003etelnyx/_client.py\u003c/code\u003e file is executed upon import.\u003c/li\u003e\n\u003cli\u003eOn Linux and macOS, a detached process is spawned to download a second-stage payload disguised as a WAV audio file (\u003ccode\u003eringtone.wav\u003c/code\u003e) from a remote command-and-control (C2) server.\u003c/li\u003e\n\u003cli\u003eSteganography is used to hide malicious code within the WAV file\u0026rsquo;s data frames.\u003c/li\u003e\n\u003cli\u003eThe embedded payload is extracted using an XOR-based decryption routine and executed in memory.\u003c/li\u003e\n\u003cli\u003eThe malware harvests sensitive data, including SSH keys, credentials, cloud tokens, cryptocurrency wallets, and environment variables.\u003c/li\u003e\n\u003cli\u003eIf Kubernetes is present, the malware enumerates cluster secrets and deploys privileged pods to access underlying host systems. On Windows, a different WAV file (\u003ccode\u003ehangup.wav\u003c/code\u003e) is downloaded that extracts and saves an executable named \u003ccode\u003emsbuild.exe\u003c/code\u003e to the startup folder for persistence.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThis supply chain attack could result in widespread compromise of systems utilizing the Telnyx Python SDK. Over 740,000 monthly downloads indicate a large potential victim pool. Stolen credentials and secrets can lead to unauthorized access to cloud resources, sensitive data exfiltration, and further lateral movement within compromised networks. For systems running Kubernetes, the attacker could gain control over the entire cluster, leading to significant disruption and data loss. Developers who installed the malicious packages are advised to consider their systems fully compromised and rotate all secrets as soon as possible.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIdentify and remove Telnyx versions 4.87.1 and 4.87.2 from all environments, reverting to version 4.87.0 as recommended by the vendor.\u003c/li\u003e\n\u003cli\u003eMonitor network connections for processes spawned by Python interpreters (\u003ccode\u003epython.exe\u003c/code\u003e, \u003ccode\u003epython3\u003c/code\u003e) attempting to download files with the \u003ccode\u003e.wav\u003c/code\u003e extension, using the \u0026ldquo;Detect Suspicious Python WAV Download\u0026rdquo; Sigma rule provided below.\u003c/li\u003e\n\u003cli\u003eImplement stricter controls and multi-factor authentication for PyPI accounts used to publish packages to prevent similar supply chain attacks.\u003c/li\u003e\n\u003cli\u003eDeploy the \u0026ldquo;Detect msbuild.exe in Startup Folder\u0026rdquo; Sigma rule to identify potential persistence attempts on Windows systems.\u003c/li\u003e\n\u003cli\u003eRotate all secrets and credentials on any system that has imported the malicious Telnyx package.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-28T12:00:00Z","date_published":"2026-03-28T12:00:00Z","id":"/briefs/2026-03-teampcp-telnyx/","summary":"The TeamPCP threat actor compromised the Telnyx PyPI package, injecting credential-stealing malware hidden within WAV audio files to target Linux, macOS, and Windows systems.","title":"TeamPCP Backdoors Telnyx PyPI Package with Steganographic Malware","url":"https://feed.craftedsignal.io/briefs/2026-03-teampcp-telnyx/"},{"_cs_actors":["TeamPCP"],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["supply-chain","ci/cd","infostealer"],"_cs_type":"threat","_cs_vendors":[],"content_html":"\u003cp\u003eTeamPCP is conducting a supply chain attack targeting multiple companies through the compromise of their CI/CD pipelines and GitHub accounts. The attack involves an infostealer designed to harvest sensitive information such as credentials from CI environments, contents of .env files, and cloud tokens. The compromised credentials allowed the attackers to gain unauthorized access and potentially inject malicious code into the software development lifecycle. The attack has impacted projects including Trivy, KICS, and LiteLLM, suggesting a broad targeting scope within the software development and cloud security sectors. This type of attack poses a significant risk to the integrity and security of the software supply chain, as compromised code can be distributed to numerous downstream users.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eInitial compromise of a developer\u0026rsquo;s machine or CI/CD environment via an unspecified initial access vector.\u003c/li\u003e\n\u003cli\u003eDeployment of an infostealer binary onto the compromised system.\u003c/li\u003e\n\u003cli\u003eThe infostealer scans the local file system for .env files containing sensitive credentials.\u003c/li\u003e\n\u003cli\u003eThe infostealer targets CI/CD environment variables to extract API keys, tokens, and other secrets.\u003c/li\u003e\n\u003cli\u003eThe infostealer searches for cloud tokens, potentially targeting AWS credentials, Azure service principals, or GCP service account keys.\u003c/li\u003e\n\u003cli\u003eExtracted credentials are used to gain unauthorized access to GitHub accounts and CI/CD pipelines.\u003c/li\u003e\n\u003cli\u003eAttackers inject malicious code or dependencies into the targeted projects, potentially leading to supply chain contamination.\u003c/li\u003e\n\u003cli\u003eCompromised code is distributed to downstream users of Trivy, KICS, LiteLLM, and other impacted projects.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe TeamPCP supply chain attack has impacted multiple companies and projects, including Trivy, KICS, and LiteLLM. The compromise of CI/CD pipelines and GitHub accounts allows attackers to inject malicious code into software projects, potentially affecting thousands of users. This can lead to data breaches, malware infections, and erosion of trust in the affected software. The exact number of victims is unknown, but the impact is significant due to the widespread use of the compromised projects in the cloud security and development sectors.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImplement multi-factor authentication (MFA) on all GitHub accounts and CI/CD pipelines to prevent unauthorized access.\u003c/li\u003e\n\u003cli\u003eRotate API keys and tokens regularly, especially those used in CI/CD environments, to minimize the impact of credential theft.\u003c/li\u003e\n\u003cli\u003eImplement secrets scanning in CI/CD pipelines to prevent accidental exposure of sensitive information in code repositories.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Infostealer Activity in CI/CD Environments\u0026rdquo; to identify suspicious processes accessing environment variables.\u003c/li\u003e\n\u003cli\u003eMonitor file system access for unusual reads of .env files, using the \u0026ldquo;Detect .env File Access\u0026rdquo; Sigma rule.\u003c/li\u003e\n\u003cli\u003eImplement network monitoring to detect anomalous connections originating from CI/CD servers or developer workstations.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-26T12:00:00Z","date_published":"2026-03-26T12:00:00Z","id":"/briefs/2026-03-teampcp-supply-chain/","summary":"TeamPCP compromised CI/CD pipelines and GitHub accounts of multiple companies by deploying an infostealer to extract credentials from CI environments, .env files, and cloud tokens, impacting projects like Trivy, KICS, and LiteLLM.","title":"TeamPCP Supply Chain Attack via CI/CD Compromise","url":"https://feed.craftedsignal.io/briefs/2026-03-teampcp-supply-chain/"},{"_cs_actors":["TeamPCP"],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["supply-chain","github-actions","ci/cd"],"_cs_type":"threat","_cs_vendors":[],"content_html":"\u003cp\u003eOn March 23, 2026, Wiz.io reported a supply chain attack targeting the KICS (Keeping Infrastructure Configuration Secure) GitHub Action. The threat actor, identified as TeamPCP, successfully compromised the KICS GitHub Action, potentially impacting numerous organizations utilizing the action in their CI/CD pipelines. This incident highlights the risks associated with supply chain dependencies and the potential for malicious actors to inject malicious code into widely used software components. The KICS GitHub Action is used to scan infrastructure-as-code (IaC) files for security vulnerabilities, making its compromise a significant security concern. Organizations that used the compromised version of the action may have had their secrets exfiltrated, or their infrastructure configurations altered.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003cp\u003eDue to the limited information, the attack chain below is based on a typical supply chain compromise scenario:\u003c/p\u003e\n\u003col\u003e\n\u003cli\u003eTeamPCP gains unauthorized access to the KICS GitHub Action repository or its build process.\u003c/li\u003e\n\u003cli\u003eThe attacker injects malicious code into the KICS GitHub Action. This code could be designed to exfiltrate sensitive information, modify infrastructure configurations, or establish a backdoor.\u003c/li\u003e\n\u003cli\u003eA new version of the KICS GitHub Action, containing the malicious code, is released and made available on the GitHub Marketplace.\u003c/li\u003e\n\u003cli\u003eOrganizations using the KICS GitHub Action automatically update to the compromised version through their CI/CD pipelines.\u003c/li\u003e\n\u003cli\u003eThe malicious code executes within the CI/CD environments of victim organizations, potentially gaining access to environment variables, secrets, and other sensitive data.\u003c/li\u003e\n\u003cli\u003eThe malicious code exfiltrates collected data to attacker-controlled infrastructure.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the exfiltrated data to further compromise the victim\u0026rsquo;s infrastructure or gain unauthorized access to their systems.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe compromise of the KICS GitHub Action represents a significant supply chain risk. Organizations utilizing the compromised action in their CI/CD pipelines could have experienced exfiltration of sensitive data, including API keys, credentials, and infrastructure configurations. Successful exploitation could lead to unauthorized access to cloud resources, data breaches, and disruption of services. While the exact number of affected organizations remains unclear, the widespread use of KICS suggests a potentially large impact.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eInvestigate CI/CD pipeline logs for usage of the compromised KICS GitHub Action version (refer to Overview).\u003c/li\u003e\n\u003cli\u003eAudit GitHub Action dependencies in CI/CD pipelines to identify and remove any unauthorized or suspicious actions (refer to Overview).\u003c/li\u003e\n\u003cli\u003eMonitor network traffic originating from CI/CD environments for connections to unusual or malicious destinations (based on potential exfiltration in Attack Chain).\u003c/li\u003e\n\u003cli\u003eImplement stricter access controls and monitoring for GitHub Action repositories and build processes to prevent future supply chain attacks (refer to Overview).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule detecting suspicious script execution within GitHub Action workflows to identify potential malicious activity (see rule below).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-23T19:20:57Z","date_published":"2026-03-23T19:20:57Z","id":"/briefs/2024-06-07-teampcp-kics-supply-chain/","summary":"TeamPCP conducted a supply chain attack compromising the KICS GitHub Action, impacting users who integrated the compromised version into their CI/CD pipelines.","title":"TeamPCP Compromise of KICS GitHub Action Supply Chain","url":"https://feed.craftedsignal.io/briefs/2024-06-07-teampcp-kics-supply-chain/"},{"_cs_actors":["TeamPCP"],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["kubernetes","wiper","iran","canisterworm","teampcp","destructive-attack"],"_cs_type":"threat","_cs_vendors":[],"content_html":"\u003cp\u003eTeamPCP has deployed a Kubernetes wiper named CanisterWorm, specifically targeting Iranian infrastructure. This destructive malware is designed to obliterate data within Kubernetes environments. The wiper\u0026rsquo;s emergence in March 2026 signals a heightened level of cyber aggression, particularly given the geopolitical context. Defenders need to be aware of the potential for significant operational disruption and data loss. The targeting of Kubernetes environments reflects a sophisticated understanding of modern infrastructure and the increasing reliance on containerization technologies. This campaign requires immediate attention and proactive security measures to mitigate the risk of successful attacks.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eInitial compromise of a node within the Kubernetes cluster, possibly via exploiting a known vulnerability or through compromised credentials.\u003c/li\u003e\n\u003cli\u003eCanisterWorm gains elevated privileges within the compromised node, potentially using techniques such as privilege escalation exploits.\u003c/li\u003e\n\u003cli\u003eDiscovery of other nodes and resources within the Kubernetes cluster through reconnaissance activities, leveraging the Kubernetes API.\u003c/li\u003e\n\u003cli\u003eLateral movement to other nodes using stolen credentials or by exploiting trust relationships between nodes.\u003c/li\u003e\n\u003cli\u003eExecution of CanisterWorm on each targeted node, initiating the data wiping process.\u003c/li\u003e\n\u003cli\u003eOverwriting critical system files and data volumes within the containers and pods.\u003c/li\u003e\n\u003cli\u003eCorruption of Kubernetes configuration files, leading to instability and potential cluster failure.\u003c/li\u003e\n\u003cli\u003eFinal stage involves the complete destruction of data within the Kubernetes environment, rendering the affected systems unusable.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe successful deployment of CanisterWorm results in widespread data loss and service disruption within the targeted Kubernetes environments. This can lead to significant financial losses, reputational damage, and operational downtime. Given the targeting of Iranian infrastructure, this attack has the potential to impact critical services and government operations. The complete destruction of data necessitates extensive recovery efforts and may result in permanent data loss if backups are not available or are also compromised.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor Kubernetes API server logs for suspicious activity, particularly attempts to list or access sensitive resources to detect reconnaissance (reference: Attack Chain step 3).\u003c/li\u003e\n\u003cli\u003eImplement network segmentation and strict access controls within the Kubernetes cluster to limit lateral movement (reference: Attack Chain step 4).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Suspicious Kubernetes Pod Deletion\u003c/code\u003e to identify potential wipe attempts.\u003c/li\u003e\n\u003cli\u003eReview and harden Kubernetes security configurations, including RBAC (Role-Based Access Control) policies, to prevent unauthorized access (reference: Attack Chain step 2).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-23T12:00:00Z","date_published":"2026-03-23T12:00:00Z","id":"/briefs/2026-03-canisterworm-kubernetes-wiper/","summary":"TeamPCP's CanisterWorm is a newly identified Kubernetes wiper targeting Iranian infrastructure, indicating a politically motivated destructive attack.","title":"TeamPCP's CanisterWorm Kubernetes Wiper Targeting Iran","url":"https://feed.craftedsignal.io/briefs/2026-03-canisterworm-kubernetes-wiper/"},{"_cs_actors":["TeamPCP"],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["supply-chain","malware","npm","canisterworm"],"_cs_type":"threat","_cs_vendors":[],"content_html":"\u003cp\u003eOn March 21, 2026, it was reported that threat actor TeamPCP successfully deployed CanisterWorm, a malicious worm, onto the NPM package registry. This followed a compromise of Trivy, a widely-used open-source vulnerability scanner. The specifics of the Trivy compromise are not detailed in this brief, but it likely involved exploiting vulnerabilities within Trivy or its infrastructure to gain unauthorized access and the ability to publish malicious packages. The scope of this incident affects developers and organizations that rely on NPM packages and utilize Trivy in their software development lifecycle. Defenders should prioritize detecting and mitigating the spread of CanisterWorm within their environments, focusing on identifying compromised Trivy instances and monitoring for suspicious activity related to NPM package installations.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eInitial Compromise: TeamPCP gains unauthorized access to Trivy infrastructure, potentially exploiting a vulnerability or using stolen credentials.\u003c/li\u003e\n\u003cli\u003eMalware Injection: The attackers inject malicious code into a legitimate Trivy package or create a new package containing the CanisterWorm payload.\u003c/li\u003e\n\u003cli\u003eNPM Deployment: TeamPCP publishes the compromised or new package to the NPM registry, making it available for download by unsuspecting users.\u003c/li\u003e\n\u003cli\u003ePackage Installation: Developers unknowingly download and install the malicious package through NPM, integrating CanisterWorm into their projects.\u003c/li\u003e\n\u003cli\u003eWorm Propagation: CanisterWorm begins to propagate itself by infecting other NPM packages and dependencies within the compromised project.\u003c/li\u003e\n\u003cli\u003eLateral Movement: The worm replicates and spreads to other systems and projects that depend on the infected packages.\u003c/li\u003e\n\u003cli\u003ePersistence: The malware establishes persistence within infected systems to maintain its presence and continue spreading.\u003c/li\u003e\n\u003cli\u003ePayload Delivery: CanisterWorm executes its malicious payload, which could include data theft, code injection, or other harmful activities.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe deployment of CanisterWorm on NPM poses a significant threat to the software supply chain. Successful infection can lead to widespread compromise of applications and systems that rely on NPM packages. The specific number of victims and the full extent of damage is currently unknown, but the incident has the potential to affect numerous organizations across various sectors that utilize NPM and Trivy in their development processes. Successful exploitation could result in data breaches, service disruptions, and reputational damage.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor NPM package installations for suspicious activity and unexpected dependencies to identify potential CanisterWorm infections.\u003c/li\u003e\n\u003cli\u003eImplement integrity checks for NPM packages to verify their authenticity and prevent the installation of tampered packages.\u003c/li\u003e\n\u003cli\u003eAnalyze process creation events for suspicious processes originating from NPM-related processes using the provided Sigma rules.\u003c/li\u003e\n\u003cli\u003eRegularly scan systems for known malware signatures to detect CanisterWorm and other potential threats.\u003c/li\u003e\n\u003cli\u003eReview and strengthen the security of your software supply chain to mitigate the risk of future attacks.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-22T10:00:00Z","date_published":"2026-03-22T10:00:00Z","id":"/briefs/2026-03-teampcp-canisterworm/","summary":"TeamPCP deployed the CanisterWorm malware on the NPM package registry following a compromise of the Trivy scanning tool.","title":"TeamPCP Deploys CanisterWorm on NPM After Trivy Compromise","url":"https://feed.craftedsignal.io/briefs/2026-03-teampcp-canisterworm/"}],"language":"en","title":"CraftedSignal Threat Feed — TeamPCP","version":"https://jsonfeed.org/version/1.1"}