Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages

Overview

The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the compromise of a large number of npm packages with a previously undocumented self-propagating worm dubbed CanisterWorm. The name is a reference to the fact that the malware uses an ICP canister, which denotes a tamperproof smart contract on

Organisations Involved

The following organisations are mentioned in relation to this incident: Packages
The, Trivy Supply Chain Attack Triggers Self.

Multi-Source Coverage

This event has been reported across multiple outlets:

• Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages — thehackernews

Sources: thehackernews. Aggregated by Cybernews Agency pipeline.