A new hacking group called TeamPCP has unleashed a self-propagating worm that hijacked the widely used Trivy vulnerability scanner and spread through npm packages, while simultaneously deploying data wipers aimed specifically at Iranian machines. The group gained privileged access to Aqua Security's GitHub account to compromise Trivy, then spread malware that automatically scoured infected systems for npm access tokens, using the stolen tokens to poison 28 packages in under 60 minutes with malicious code that could infect any developer who installed those packages.

This attack reveals how fragile our development infrastructure really is. When attackers can compromise a single GitHub account and instantly poison tools used by thousands of developers worldwide, it exposes the brittle trust model underlying modern software supply chains: a stolen publishing credential is indistinguishable from a legitimate release. The worm's evolution from manual to fully automated spreading shows that sophisticated adversaries are industrializing these attacks, turning every compromised developer machine into a force multiplier.

What makes this particularly concerning is TeamPCP's use of Internet Computer Protocol canisters, smart contracts the attackers apparently assumed could not be tampered with or removed, to control their botnet. Aikido researcher Charlie Eriksen confirmed the canister was taken down Sunday night, proving it wasn't as "untouchable as they expected," but the attempt shows attackers experimenting with blockchain infrastructure for command and control. The simultaneous deployment of wipers targeting Iranian machines suggests either geopolitical motivations or the testing of different payloads on the same infrastructure.

Developers need to audit their CI/CD pipelines immediately and rotate every npm token and CI secret that was reachable from an affected machine, since the worm spread by harvesting exactly those credentials. If you're running Trivy or recently updated npm packages, assume compromise until proven otherwise. The automation scale here, 28 packages poisoned in under 60 minutes, means manual security reviews won't cut it anymore.
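As a concrete starting point for that audit, here is an added example (my own code, not from the article, Aqua Security or Aikido) that performs three offline checks against constructed sample inputs: it flags GitHub Actions steps whose `uses:` reference is not pinned to a full commit SHA (a mutable tag or branch is exactly what a hijacked publisher account can repoint), it lists registry hosts with an `_authToken` stored in `.npmrc` (the credential the worm harvested), and it flags `package-lock.json` entries resolved outside the expected registry or lacking an integrity hash. The workflow, `.npmrc` and lockfile contents are constructed for illustration; the action names `example-org/example-action`, the package names `example-lib`/`example-dep` and the mirror host are hypothetical.

```python
import json
import re

# Constructed sample workflow: one step pinned to a commit SHA, one pinned only
# to a mutable tag, one floating on a branch. Not a real repository's file.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3
      - uses: aquasecurity/trivy-action@0.28.0
        with:
          scan-type: fs
      - uses: example-org/example-action@main
      - run: npm ci
"""

# Constructed .npmrc with a stored publish token (value is a placeholder).
SAMPLE_NPMRC = """\
registry=https://registry.npmjs.org/
//registry.npmjs.org/:_authToken=npm_PLACEHOLDER_TOKEN_VALUE
"""

# Constructed lockfile: one clean entry, one pulled from a non-registry host
# with no integrity hash. Hashes and hosts are made up.
SAMPLE_LOCK = json.dumps({
    "name": "demo", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo"},
        "node_modules/example-lib": {
            "version": "1.3.0",
            "resolved": "https://registry.npmjs.org/example-lib/-/example-lib-1.3.0.tgz",
            "integrity": "sha512-PLACEHOLDERHASH",
        },
        "node_modules/example-dep": {
            "version": "2.0.1",
            "resolved": "https://example-mirror.invalid/example-dep-2.0.1.tgz",
        },
    },
})

USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"@]+)@([^\s'\"]+)", re.MULTILINE)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
REGISTRY = "https://registry.npmjs.org/"


def find_unpinned_actions(workflow_text):
    """Return (action, ref) pairs whose ref is not a full 40-hex commit SHA.
    Local (./) and docker:// references are skipped; they are not fetched from GitHub."""
    findings = []
    for m in USES_RE.finditer(workflow_text):
        action, ref = m.group(1), m.group(2)
        if action.startswith("./") or action.startswith("docker://"):
            continue
        if not SHA_RE.match(ref):
            findings.append((action, ref))
    return findings


def find_npm_tokens(npmrc_text):
    """Return the registry prefixes that have an _authToken stored in .npmrc.
    Each one is a credential to revoke and reissue if the host may be affected."""
    hits = []
    for line in npmrc_text.splitlines():
        m = re.match(r"^\s*(//[^:]+/):_authToken=(.+)$", line)
        if m:
            hits.append(m.group(1))
    return hits


def find_suspicious_lock_entries(lock_text, registry=REGISTRY):
    """Return (package_path, reason) pairs for lockfile entries resolved outside
    the expected registry or shipped without an integrity hash."""
    lock = json.loads(lock_text)
    findings = []
    for path, meta in lock.get("packages", {}).items():
        if path == "":  # the root project entry has no tarball
            continue
        resolved = meta.get("resolved", "")
        if not resolved.startswith(registry):
            findings.append((path, "resolved outside registry: " + resolved))
        if "integrity" not in meta:
            findings.append((path, "missing integrity hash"))
    return findings


if __name__ == "__main__":
    for action, ref in find_unpinned_actions(SAMPLE_WORKFLOW):
        print(f"unpinned action: {action}@{ref}")
    for host in find_npm_tokens(SAMPLE_NPMRC):
        print(f"stored npm token for {host} -> rotate it")
    for path, reason in find_suspicious_lock_entries(SAMPLE_LOCK):
        print(f"lockfile: {path}: {reason}")
```

Run it against your own `.github/workflows/*.yml`, `~/.npmrc` and `package-lock.json` by reading those files in place of the constructed samples. Pinning to a SHA does not make a third-party action safe, but it does mean a publisher-account takeover cannot silently swap the code your pipeline executes; a flagged lockfile entry or stored token is a lead to investigate, not proof of compromise.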