On March 20, 2026 at 20:45 UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were receiving unauthorized patch updates, all containing the same hidden malicious code. What they had caught was CanisterWorm, a self-spreading npm worm deployed by the threat actor group TeamPCP. We track this…
First seen on securityboulevard.com
Jump to article: securityboulevard.com/2026/03/canisterworm-the-self-spreading-npm-attack-that-uses-a-decentralized-server-to-stay-alive/
