How did the CanisterWorm attack propagate?

The worm harvested npm authentication tokens from compromised systems and used them to publish infected versions of other packages, enabling rapid and widespread propagation.

What measures can prevent similar supply chain attacks?

Implementing zero-trust principles, securing CI/CD pipelines, enabling two-factor authentication for package maintainers, and monitoring for unauthorized package modifications can help prevent similar attacks.

CanisterWorm: A Self-Propagating Supply Chain Attack on the npm Ecosystem

In April 2026, the npm ecosystem faced a significant supply chain attack with the emergence of CanisterWorm, a self-propagating worm that compromised packages to steal developer credentials and spread autonomously.

Published: April 22, 2026

Share this on:

Executive Summary

In April 2026, a sophisticated supply chain attack targeted the npm ecosystem, compromising multiple packages to deploy a self-propagating worm known as CanisterWorm. The attack began with the exploitation of a GitHub Actions misconfiguration in the Trivy vulnerability scanner, allowing the threat group TeamPCP to steal a Personal Access Token (PAT). This token was used to publish malicious versions of Trivy, which, when installed, harvested sensitive credentials including npm authentication tokens. The worm then utilized these stolen tokens to automatically publish infected versions of other packages accessible with the compromised credentials, facilitating rapid and widespread propagation across the npm ecosystem. (anuragnandi.com)

This incident underscores the escalating threat of supply chain attacks within open-source ecosystems, highlighting the need for enhanced security measures in package management and CI/CD pipelines. The use of decentralized command-and-control infrastructure, as seen with CanisterWorm's utilization of an Internet Computer Protocol (ICP) canister, presents new challenges in threat mitigation and emphasizes the importance of adopting zero-trust principles and robust monitoring practices to safeguard against such evolving threats. (anuragnandi.com)

Why This Matters Now

The CanisterWorm attack exemplifies the increasing sophistication of supply chain threats, particularly within open-source ecosystems. Its self-propagating nature and use of decentralized command-and-control infrastructure highlight the urgent need for organizations to implement stringent security measures in their software development and deployment processes to prevent similar incidents.

Attack Path Analysis

Attackers compromised npm packages to deliver a self-propagating worm that exfiltrated developer credentials, enabling further package compromises and data theft.

Kill Chain Progression

Initial Compromise

High

Privilege Escalation

Medium

Lateral Movement

Medium

Command & Control

High

Exfiltration

High

Impact

Medium

Initial Compromise

Description

Attackers injected malicious code into npm packages, which, when installed, executed scripts to steal developer credentials.

Confidence:

High

MITRE ATT&CK® Techniques

Initial Access

T1195.002

Supply Chain Compromise: Compromise Software Dependencies and Development Tools

Credential Access

T1528

Steal Application Access Token

Command and Control

T1071.001

Application Layer Protocol: Web Protocols

Command and Control

T1105

Ingress Tool Transfer

Persistence

T1574.002

Hijack Execution Flow: DLL Side-Loading

Defense Evasion

T1553.002

Subvert Trust Controls: Code Signing

Lateral Movement

T1080

Taint Shared Content

Potential Compliance Exposure

Mapping incident impact across multiple compliance frameworks.

PCI DSS 4.0 – Ensure the integrity of software and scripts

Control ID: 6.3.2

The incident involved the compromise of npm packages, indicating a failure to maintain the integrity of software components as required by PCI DSS.

NYDFS 23 NYCRR 500 – Cybersecurity Policy

Control ID: 500.03

The attack exploited vulnerabilities in the software supply chain, suggesting inadequacies in the organization's cybersecurity policies and procedures.

DORA – ICT Risk Management Framework

Control ID: Article 5

The breach highlights deficiencies in the institution's ICT risk management framework, particularly in managing third-party software risks.

CISA ZTMM 2.0 – Asset Management

Control ID: 3.1

The incident underscores the need for comprehensive asset management to monitor and control software dependencies effectively.

NIS2 Directive – Supply Chain Security

Control ID: Article 21

The attack demonstrates vulnerabilities in the supply chain, emphasizing the importance of implementing robust supply chain security measures as mandated by NIS2.

Sector Implications

Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.

Computer Software/Engineering

Direct exposure to npm supply chain worms targeting developer tokens, compromising software development pipelines and requiring enhanced egress security controls.

Information Technology/IT

Critical risk from self-propagating worms stealing developer credentials, necessitating zero trust segmentation and threat detection across development infrastructure environments.

Financial Services

High-value target for token theft attacks requiring PCI compliance controls, encrypted traffic monitoring, and anomaly detection for unauthorized destinations.

Health Care / Life Sciences

HIPAA-regulated environments vulnerable to supply chain compromise through development tools, demanding east-west traffic security and multicloud visibility controls.

Sources

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokenshttps://thehackernews.com/2026/04/self-propagating-supply-chain-worm.html
Verified

CanisterWorm - Sockethttps://socket.dev/supply-chain-attacks/canisterworm

Verified

New compromised versions detected in CanisterWorm attack - JFrog Security Researchhttps://research.jfrog.com/post/canister-worm/

Verified

Frequently Asked Questions

CanisterWorm is a self-propagating worm that targeted the npm ecosystem in April 2026, compromising packages to harvest developer credentials and spread autonomously.

Cloud Native Security Fabric Mitigations and ControlsCNSF

Aviatrix Zero Trust CNSF is pertinent to this incident as it could have constrained the attacker's ability to move laterally and exfiltrate data by enforcing strict segmentation and identity-aware policies.

Initial Compromise

Control: Cloud Native Security Fabric (CNSF)

Mitigation: The CNSF would likely limit the execution of unauthorized scripts by enforcing strict workload isolation and monitoring.

Privilege Escalation

Control: Zero Trust Segmentation

Mitigation: Zero Trust Segmentation would likely constrain unauthorized access to sensitive files by enforcing least-privilege access controls.

Lateral Movement

Control: East-West Traffic Security

Mitigation: East-West Traffic Security would likely reduce the attacker's ability to move laterally by monitoring and controlling internal traffic flows.

Command & Control

Control: Multicloud Visibility & Control

Mitigation: Multicloud Visibility & Control would likely limit unauthorized external communications by providing comprehensive monitoring and control over outbound traffic.

Exfiltration

Control: Egress Security & Policy Enforcement

Mitigation: Egress Security & Policy Enforcement would likely constrain data exfiltration by enforcing strict policies on outbound data transfers.

Impact (Mitigations)

The CNSF would likely reduce the overall impact by limiting the attacker's ability to propagate and access sensitive environments.

Impact at a Glance

Affected Business Functions

Software Development
Continuous Integration/Continuous Deployment (CI/CD) Pipelines
Package Management

Operational Disruption

Estimated downtime: 3 days

Financial Impact

Estimated loss: $50,000

Data Exposure

Developer credentials, including npm tokens, SSH keys, cloud service credentials, and other sensitive configuration files.

Recommended Actions

• Implement Zero Trust Segmentation to restrict lateral movement within developer environments.
• Enforce Egress Security & Policy Enforcement to monitor and control outbound traffic, preventing unauthorized data exfiltration.
• Utilize Threat Detection & Anomaly Response to identify and respond to unusual activities indicative of supply chain attacks.
• Apply Inline IPS (Suricata) to detect and block known exploit patterns and malicious payloads during package installations.
• Ensure Cloud Native Security Fabric (CNSF) is in place for real-time inspection and enforcement of security policies across cloud environments.

Secure the Paths Between Cloud Workloads

A cloud-native security fabric that enforces Zero Trust across workload communication—reducing attack paths, compliance risk, and operational complexity.

Stop Advanced Threats Get a Free Workload Attack Path Assessment Under Active Attack?

CanisterWorm: A Self-Propagating Supply Chain Attack on the npm Ecosystem

Executive Summary

Why This Matters Now

Attack Path Analysis

Kill Chain Progression

Initial Compromise

Description

MITRE ATT&CK® Techniques

Supply Chain Compromise: Compromise Software Dependencies and Development Tools

Steal Application Access Token

Application Layer Protocol: Web Protocols

Ingress Tool Transfer

Hijack Execution Flow: DLL Side-Loading

Subvert Trust Controls: Code Signing

Taint Shared Content

Potential Compliance Exposure

PCI DSS 4.0 – Ensure the integrity of software and scripts

NYDFS 23 NYCRR 500 – Cybersecurity Policy

DORA – ICT Risk Management Framework

CISA ZTMM 2.0 – Asset Management

NIS2 Directive – Supply Chain Security

Sector Implications

Computer Software/Engineering

Information Technology/IT

Financial Services

Health Care / Life Sciences

Sources

Frequently Asked Questions

Cloud Native Security Fabric Mitigations and ControlsCNSF

Impact at a Glance

Affected Business Functions

Recommended Actions

Key Takeaways & Next Steps

Secure the Paths Between Cloud Workloads