VMTech · Instagram

CanisterSprawl: self‑propagating supply‑chain worm infects npm and steals tokens

Colleagues, please note: cybersecurity researchers have identified a campaign dubbed CanisterSprawl — a self‑propagating worm that spreads via npm packages and exfiltrates developer tokens.

- Activates via an npm postinstall lifecycle hook at install time; steals .npmrc, SSH keys, cloud credentials, Docker/K8s configs, .env files and browser/IDE extension data.
- Exfiltrated data is sent to an HTTPS webhook and an ICP canister; if tokens are present, the attackers use them to publish poisoned package versions. The worm also contains PyPI‑targeting logic.
- JFrog and Wiz reported similar compromises, as well as abuse of the GitHub Actions pull_request_target trigger.

Why this matters: a single compromised environment can trigger chained infections and key leakage.

What measures are you strengthening to protect tokens and CI?
#cybersecurity #supplychain #npm #DevOps
