Self-propagating malware poisons open source software and wipes Iran-based machines
Summary
Ars Technica reports on TeamPCP's self-propagating malware campaign that uses a worm-like backdoor and a data wiper targeting Iran-based machines. The piece details the evolution from cloud-proxy operations to compromising the Trivy scanner via Aqua Security, the CanisterWorm control via Internet Computer Protocol canisters, and spread through npm tokens and CI/CD pipelines. It underscores the increasing risk of open-source supply-chain attacks and the need for tight credential hygiene and monitoring of software supply chains.