Namastex npm Packages Compromised by TeamPCP's CanisterWorm Variant

Severity: High (Score: 66.0)

Sources: Cybersecuritynews, Bleepingcomputer, Gbhackers

Summary

Compromised Namastex npm packages have been discovered delivering a new variant of CanisterWorm, associated with the threat actor TeamPCP. This malware targets developer secrets, browser data, and wallet information, employing a self-propagating mechanism to spread across the npm and PyPI ecosystems. The attack replaces legitimate package contents with malicious code, allowing it to infiltrate various namespaces. The scope of the impact is significant, affecting developers who rely on these packages for their projects. The campaign is a continuation of TeamPCP's efforts to refine their supply chain attack methods. Current assessments indicate that the threat remains active and poses a serious risk to the software development community.

Key Points

  • Malicious Namastex npm packages deliver a new CanisterWorm variant targeting developer secrets.
  • The malware self-propagates across npm and PyPI ecosystems, replacing legitimate code.
  • TeamPCP continues to evolve its supply chain attack strategies, posing ongoing risks.

Key Entities

  • TeamPCP (apt_group)
  • Supply Chain Attack (attack_type)
  • Worm (attack_type)
  • Namastex Labs (company)
  • namastex.ai (domain)
  • CanisterWorm (malware)
  • T1003 - OS Credential Dumping (mitre_attack)
  • T1041 - Exfiltration Over C2 Channel (mitre_attack)
  • T1195 - Supply Chain Compromise (mitre_attack)
  • Kubernetes (platform)
  • PyPI (platform)
  • npm (tool)