Self-spreading malware poisons open source software, wipes Iran-based machines



In an email, Aikido researcher Charlie Eriksen said the container was removed Sunday night and is no longer available.

“He wasn’t as trustworthy/untouchable as they expected,” Eriksen wrote. “But for a while, it would have wiped systems if it was infected.”

Like previous TeamPCP malware, CanisterWorm, as Aikido has named it, targets the CI/CD pipelines organizations use for rapid software development and deployment.

“Every developer or CI channel that installs this package and has an accessible npm token becomes an unintended propagation vector,” Eriksen wrote. “Your packages get infected, your downstream users install them, and if any of them have tokens, the cycle repeats.”

As the weekend progressed, CanisterWorm was updated to add an additional payload: a wiper that targets machines exclusively in Iran. When the updated worm infects a machine, it checks whether the machine is set to the Iranian time zone or is configured with a locale for that country. When either condition is met, the malware does not activate the credential stealer and instead activates a new wiper that TeamPCP developers called Kamikaze. Eriksen said in an email that there is no indication yet that the worm has caused any real damage to Iranian machines, but that there was “clear potential for large-scale impact if it achieves active propagation.”

Eriksen said that Kamikaze’s “decision tree is simple and brutal.”

  • Kubernetes + Iran: Deploy a DaemonSet that deletes all nodes in the cluster
  • Kubernetes + elsewhere: Deploy a DaemonSet that installs the CanisterWorm backdoor on each node
  • No Kubernetes + Iran: rm -rf / --no-preserve-root
  • No Kubernetes + elsewhere: Exit without doing anything
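The decision tree above is gated on automatic npm lifecycle scripts, so a defender can triage a package manifest before it ever runs. The following heuristic scanner is an added example, not code from Aikido or from the article; the indicator strings (the Asia/Tehran zone and fa_IR locale as proxies for the Iran check, the rm -rf / --no-preserve-root and DaemonSet actions, and publish-token references for propagation) are assumptions modelled on the behaviour described above, not published signatures.

```python
import json
import re

# Behaviours described in the article, expressed as regex heuristics. These are
# constructed for this example, not indicators published by Aikido.
INDICATORS = {
    "iran-locale-check": re.compile(r"Asia/Tehran|fa[_-]IR|\bIran\b", re.I),
    "wipe-host": re.compile(r"rm\s+-rf\s+/(\s|$)|--no-preserve-root"),
    "cluster-wide-deploy": re.compile(r"DaemonSet|kubectl\s+apply", re.I),
    "token-propagation": re.compile(r"npm\s+publish|_authToken|NPM_TOKEN"),
}

# npm lifecycle hooks that run automatically on install; a worm needs one of these.
LIFECYCLE = ("preinstall", "install", "postinstall", "prepare")


def scan_package_json(text):
    """Return sorted (script_name, category) pairs for lifecycle scripts that match an indicator."""
    manifest = json.loads(text)
    scripts = manifest.get("scripts", {})
    findings = set()
    for name in LIFECYCLE:
        body = scripts.get(name)
        if not isinstance(body, str):
            continue
        for category, pattern in INDICATORS.items():
            if pattern.search(body):
                findings.add((name, category))
    return sorted(findings)


def risk_level(findings):
    """A destructive or cluster-wide action gated on a locale check is the worst case."""
    cats = {c for _, c in findings}
    if "iran-locale-check" in cats and cats & {"wipe-host", "cluster-wide-deploy"}:
        return "critical"
    if cats & {"wipe-host", "cluster-wide-deploy", "token-propagation"}:
        return "high"
    return "low" if findings else "none"


# Constructed sample manifest whose postinstall hook mirrors the decision tree above.
SAMPLE = json.dumps({
    "name": "example-pkg",
    "scripts": {
        "postinstall": '[ "$(cat /etc/timezone)" = Asia/Tehran ] && rm -rf / --no-preserve-root'
                       " || kubectl apply -f daemonset.yaml",
        "test": "echo ok",
    },
})

if __name__ == "__main__":
    hits = scan_package_json(SAMPLE)
    print(risk_level(hits), hits)
```

Only lifecycle hooks are inspected; a `test` script containing the same strings is not flagged because it never runs on install.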

That TeamPCP targets a country with which the United States is currently at war is a curious choice. Until now the group’s motivation has been financial gain. Without a clear connection to monetary gain, the wiper seems out of place for TeamPCP. Eriksen said Aikido still doesn’t know the reason. He wrote:

While there may be an ideological component, it could also be a deliberate attempt to draw attention to the group. Historically, TeamPCP appears to be financially motivated, but there are signs that visibility is becoming a goal in itself. By pursuing security tools and open source projects, including Checkmarx starting today, they are sending a clear and deliberate signal.

The trick that keeps on giving

Trivy’s supply chain compromise last week was made possible by a prior compromise of Aqua Security in late February. Although the company’s incident response aimed to replace all compromised credentials, the rotation was incomplete, allowing TeamPCP to take control of the GitHub account used to distribute the vulnerability scanner. Aqua Security said it was conducting a more extensive credentials purge in response.
