Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Published: 1 day ago (April 22, 2026 at 01:33 PM EDT)

1 min read

Source: The Hacker News

Overview

Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self‑propagating worm that spreads through stolen developer npm tokens.

The supply chain worm has been detected by both Socket and StepSecurity, with the companies tracking the activity under the name CanisterSprawl owing to the use of an ICP canister to exfiltrate the stolen data.

Back to Blog

New npm supply-chain attack self-spreads to steal auth tokens

!https://www.bleepstatic.com/content/hl-images/2022/07/05/NPM_logo_headpic.jpg A new supply‑chain attack targeting the Node Package Manager npm ecosystem is ste...

26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases

Cybersecurity researchers have discovered a set of malicious apps on the Apple App Store that impersonate popular cryptocurrency wallets in an attempt to steal...

Newly Deciphered Sabotage Malware May Have Targeted Iran’s Nuclear Program—and Predates Stuxnet

Researchers have finally cracked Fast16, a mysterious code capable of silently tampering with calculation and simulation software. It was created in 2005—and li...

Bitwarden CLI npm package compromised to steal developer credentials

markdown !Bitwarden logohttps://www.bleepstatic.com/content/hl-images/2023/03/08/Bitwarden_headpic.jpg Updated with further information from Bitwarden. What hap...

Overview

Related posts

New npm supply-chain attack self-spreads to steal auth tokens

26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases

Newly Deciphered Sabotage Malware May Have Targeted Iran’s Nuclear Program—and Predates Stuxnet

Bitwarden CLI npm package compromised to steal developer credentials