In an email, Aikido researcher Charlie Eriksen said the canister was taken down Sunday night and is no longer available.
“It wasn’t as reliable/untouchable as they expected,” Eriksen wrote. “But for a while, it would have wiped systems if infected.”
Like previous TeamPCP malware, CanisterWorm, as Aikido has named the malware, targets organizations’ CI/CD pipelines used for rapid development and deployment of software.
“Every developer or CI pipeline that installs this package and has an npm token accessible becomes an unwitting propagation vector, Eriksen wrote. “Their packages get infected, their downstream users install those, and if any of them have tokens, the cycle repeats.”
As the weekend progressed, CanisterWorm was updated to add an additional payload: a wiper that targets machines exclusively in Iran. When the updated worm infects machines, it checks if the machine is in the Iranian timezone or is configured for use in that country. When either condition was met, the malware no longer activated the credential stealer and instead triggered a novel wiper that TeamPCP developers named Kamikaze. Eriksen said in an email that there’s no indication yet that the worm caused actual damage to Iranian machines, but that there was “clear potential for large-scale impact if it achieves active spread.”
Eriksen said Kamikaze’s “decision tree is simple and brutal.”
- Kubernetes + Iran: Deploy a DaemonSet that wipes every node in the cluster
- Kubernetes + elsewhere: Deploy a DaemonSet that installs the CanisterWorm backdoor on every node
- No Kubernetes + Iran:
rm -rf / --no-preserve-root - No Kubernetes + elsewhere: Exit. Nothing happens.
TeamPCP’s targeting of a country that the US is currently at war with is a curious choice. Up to now the group’s motivation has been financial gain. With no clear connection to monetary profit, the wiper seems out of character for TeamPCP. Eriksen said Aikido still doesn’t know the motive. He wrote:
While there may be an ideological component, it could just as easily be a deliberate attempt to draw attention to the group. Historically, TeamPCP has appeared to be financially motivated, but there are signs that visibility is becoming a goal in itself. By going after security tools and open-source projects, including Checkmarx as of today, they are sending a clear and deliberate signal.
The hack that keeps on giving
Last week’s supply-chain compromise of Trivy was made possible by a previous compromise of Aqua Security in late February. Although the company’s incident response was intended to replace all compromised credentials, the rotation was incomplete, allowing TeamPCP to take control of the GitHub account for distributing the vulnerability scanner. Aqua Security said it was performing a more thorough credential purge in response.
