Threat Feed
high threat

TeamPCP Multi-Ecosystem Supply Chain Attack

TeamPCP is conducting a multi-ecosystem supply chain attack targeting the open-source ecosystem, specifically NPM packages, GitHub Actions, and VSCode extensions, to harvest credentials, exfiltrate sensitive data, and establish persistent access on infected systems via a Python-based backdoor.

On May 19, 2026, a software supply chain attack targeting the open-source ecosystem reemerged, affecting NPM packages, GitHub Actions, and VSCode extensions. The distributed malware, attributed to TeamPCP with moderate confidence, is designed to harvest credentials, exfiltrate sensitive data, and establish persistent access on infected systems. The attack specifically targets NPM packages within the @antv namespace, the GitHub Actions actions-cool/issues-helper, and the VSCode extension nrwl.angular-console v18.95.0. The attackers used orphaned GitHub commits to host payloads and the bun package manager to install secondary payloads. The malware then exfiltrates collected data through attacker-created public GitHub repositories.

Attack Chain

  1. Malicious NPM packages, GitHub Actions, or VSCode extensions are installed on a developer’s machine or CI/CD environment.
  2. The initial malicious code retrieves additional payloads from GitHub-hosted infrastructure, potentially stored in orphaned commits.
  3. The payloads are installed and executed using bun.
  4. The malware collects sensitive artifacts, including GitHub tokens, SSH keys, cloud credentials, and browser-stored secrets.
  5. The collected data is exfiltrated to attacker-controlled public GitHub repositories; these repositories are created with the description niagA oG eW ereH :duluH-iahS (“Shai-Hulud Here We Go Again” written in reverse).
  6. A Python-based backdoor is installed at ~/.local/share/kitty/cat.py to establish persistence.
  7. The backdoor periodically polls api.github.com/search/commits?q=firedalazer for command-and-control messages containing the string firedalazer.
  8. Upon finding a validly signed instruction, the malware retrieves and executes remote Python code from attacker-controlled infrastructure, giving the operators remote code execution on the host.

Impact

This supply chain attack can lead to the compromise of developer credentials, cloud resources, and sensitive data. Successful exploitation allows attackers to gain persistent access to infected systems and CI/CD pipelines, potentially leading to further supply chain compromises and data breaches. The compromise of developer credentials can lead to unauthorized access to source code repositories, build systems, and production environments. The number of victims and the full extent of the damage are still under investigation.

Recommendation

  • Investigate developer workstations, CI/CD environments, and repositories for signs of compromise, auditing for the affected packages, GitHub Actions, and VSCode extensions listed in the appendix of this brief.
  • Rotate potentially exposed GitHub tokens, SSH keys, cloud credentials, and CI/CD secrets due to the malware’s credential theft capabilities as described in the overview.
  • Hunt for persistence mechanisms, including the presence of the file ~/.local/share/kitty/cat.py, as detailed in the “File Paths” IOC section.
  • Deploy the “Detect TeamPCP Backdoor Polling for C2” Sigma rule to identify systems polling GitHub for commands.
  • Block the C2 domain m-kosche.com at the DNS resolver to prevent command and control communication as listed in the IOC table.

Detection coverage (3 rules)

Detect TeamPCP Backdoor Installation

high

Detects the installation of the TeamPCP backdoor by monitoring file creation in the expected directory.

Format: Sigma | Tactic: persistence | Technique: T1547.001 | Log sources: file_event, linux

Detect TeamPCP Backdoor Polling for C2

medium

Detects TeamPCP backdoor polling GitHub for commands by monitoring network connections to api.github.com with the 'firedalazer' query.

Format: Sigma | Tactic: command_and_control | Technique: T1071.001 | Log sources: network_connection, linux

Detect TeamPCP Exfiltration via GitHub Repository Description

medium

Detects TeamPCP exfiltration attempts by monitoring for unusual GitHub repository creation with a reversed description containing 'duluH-iahS'.

Format: Sigma | Tactic: exfiltration | Technique: T1041 | Log sources: network_connection, windows
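As an added example that is not part of this brief or any vendor rule set, the three detections above plus the C2 domain from the IOC table expressed as one small Python hunt over JSON-lines telemetry. The event schema (type, path, dest_host, url, description) and every sample event are constructed assumptions; map the field names onto whatever your EDR or SIEM actually emits.

```python
import json

# Indicators taken from the brief; field names below are assumptions about the log schema.
BACKDOOR_SUFFIX = "/.local/share/kitty/cat.py"   # ~/.local/share/kitty/cat.py
C2_API_HOST = "api.github.com"
C2_QUERY = "firedalazer"                         # search/commits?q=firedalazer
C2_DOMAIN = "m-kosche.com"                       # from the IOC table
EXFIL_MARKER = "duluH-iahS"                      # "Shai-Hulud" reversed

def decode_description(description: str) -> str:
    """Reverse a repo description so an analyst can read the marker as written."""
    return description[::-1]

def classify(event: dict) -> list[str]:
    """Return the names of the brief's detections that one event matches (empty if benign)."""
    hits = []
    kind = event.get("type")
    if kind == "file_event" and event.get("path", "").endswith(BACKDOOR_SUFFIX):
        hits.append("Detect TeamPCP Backdoor Installation")
    if kind == "network_connection":
        host, url = event.get("dest_host", ""), event.get("url", "")
        if host == C2_API_HOST and "/search/commits" in url and f"q={C2_QUERY}" in url:
            hits.append("Detect TeamPCP Backdoor Polling for C2")
        if host == C2_DOMAIN:
            hits.append("TeamPCP C2 domain contact (IOC table)")
    if kind == "repo_create" and EXFIL_MARKER in event.get("description", ""):
        hits.append("Detect TeamPCP Exfiltration via GitHub Repository Description")
    return hits

def scan(lines) -> list[tuple[int, list[str]]]:
    """Run classify() over JSON-lines events; return (line_no, hits) for matching lines only."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or malformed line: skip it rather than abort the hunt
        if hits := classify(event):
            findings.append((line_no, hits))
    return findings

# Constructed sample telemetry: four malicious events interleaved with benign ones.
SAMPLE_LOG = """{"type": "file_event", "path": "/home/dev/.local/share/kitty/cat.py", "process": "bun"}
{"type": "network_connection", "dest_host": "api.github.com", "url": "https://api.github.com/search/commits?q=firedalazer"}
{"type": "network_connection", "dest_host": "api.github.com", "url": "https://api.github.com/repos/acme/app/pulls"}
{"type": "repo_create", "description": "niagA oG eW ereH :duluH-iahS"}
{"type": "network_connection", "dest_host": "m-kosche.com", "url": "https://m-kosche.com/"}
{"type": "file_event", "path": "/home/dev/.config/kitty/kitty.conf", "process": "kitty"}
"""
```

Running `scan(SAMPLE_LOG.splitlines())` flags lines 1, 2, 4 and 5 and leaves the two benign kitty/GitHub events alone.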


Indicators of compromise

Four indicators: 1 domain, 1 ip, 1 hash_md5, 1 hash_sha256.

Type         Value
domain       m-kosche.com
ip           185.95.159.32
hash_md5     b06b126b9e26af03a7ef2f8b8e90d446
hash_sha256  fb5c97557230a27460fdab01fafcfabeaa49590bafd5b6ef30501aa9e0a51142