Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

A supply chain attack on the Trivy scanner has spawned a self-propagating npm worm called CanisterWorm, affecting 47 packages across multiple scopes.

• •Attackers used a compromised credential to publish malicious trivy, trivy-action, and setup-trivy releases containing a credential stealer, attributed to a group called TeamPCP.
• •The infection chain uses a postinstall hook to drop a Python backdoor that contacts an ICP (Internet Computer blockchain) canister as a decentralized dead drop resolver to fetch C2 URLs.
• •Persistence is achieved via a systemd user service masquerading as PostgreSQL tooling ("pgmon") with Restart=always, polling the canister every 50 minutes.
• •A YouTube link acts as a kill switch: the backdoor skips execution when the C2 returns a youtube.com URL, allowing the attacker to arm/disarm payloads dynamically.