A previously undocumented self-propagating malware dubbed CanisterWorm has compromised 47 npm packages in what appears to be a follow-on attack to the supply chain compromise of the popular Trivy security scanner. The malware gets its name from its use of ICP canisters, which are tamper-proof smart contracts on the Internet Computer Protocol.

The attack represents a significant escalation in supply chain threats, with the malware demonstrating self-spreading capabilities across the npm ecosystem. The connection to the earlier Trivy scanner compromise suggests threat actors are leveraging their initial access to conduct broader supply chain attacks against JavaScript package repositories.