CanisterWorm Malware Targets Namastex.ai NPM Packages, Stealing Developer Credentials
Sonic Intelligence
New CanisterWorm malware variant compromises Namastex.ai NPM packages, stealing developer secrets.
Explain Like I'm Five
"Imagine you download a game, but inside it, there's a sneaky spy program that steals your secret passwords and money details from your computer. This spy program then tries to spread to other games. That's what happened here with some computer code tools, and it's a big problem for people who make computer programs."
Deep Intelligence Analysis
The attack specifically targets a wide array of sensitive information. It harvests environment variables commonly associated with secrets, tokens, cloud providers (AWS, Azure, GCP), CI/CD systems, and LLM platforms. It also attempts to read high-value local files such as `.npmrc`, SSH keys, `.git-credentials`, and cloud configuration files. Critically, the payload also targets browser login storage and crypto-wallet data, including MetaMask, Phantom, Solana, Ethereum, and Bitcoin wallets. Exfiltration occurs over two channels: a conventional HTTPS webhook and a hardcoded ICP canister endpoint. The affected packages, including @automagik/genie (6,744 weekly downloads) and pgserve (1,300 weekly downloads), highlight a focus on specialized developer tools.
This incident underscores the critical and persistent vulnerabilities within the software supply chain, particularly for developer-centric tools that are foundational to modern AI and software development. The use of advanced C2 infrastructure and self-propagation logic suggests an escalating sophistication in threat actor capabilities, demanding enhanced security protocols, continuous vigilance, and robust supply chain integrity checks from developers and platform providers. The compromise of AI-focused tooling could lead to broader systemic risks if stolen credentials are used to access or manipulate AI models, data, or critical infrastructure, necessitating an industry-wide re-evaluation of security postures.
Visual Intelligence
```mermaid
flowchart LR
    A[Malicious NPM Package] --> B[Install-Time Execution]
    B --> C[Harvest Secrets]
    C --> D[Target Browser Data]
    D --> E[Target Wallet Data]
    E --> F[Exfiltrate Data Webhook]
    E --> G[Exfiltrate Data ICP Canister]
    F --> H[C2 Server]
    G --> H
```
Auto-generated diagram · AI-interpreted flow
Impact Assessment
This incident highlights persistent and sophisticated software supply chain vulnerabilities, particularly within developer tools and the AI ecosystem. The theft of credentials and sensitive data poses a significant risk of further system compromise and intellectual property theft.
Key Details
- The malware uses install-time execution, credential theft, off-host exfiltration, canister-backed C2, and self-propagation logic.
- An explicit code reference to a TeamPCP/LiteLLM method was found within the malicious payload.
- Affected packages are tied to Namastex Labs (Namastex.ai), including @automagik/genie (6,744 weekly downloads) and pgserve (1,300 weekly downloads).
- The malware harvests sensitive environment variables and local files, including `.npmrc`, SSH keys, cloud credentials (AWS, Azure, GCP), Kubernetes/Docker config, and database passwords.
- It targets browser and crypto-wallet data, specifically Chrome login storage, MetaMask, Phantom, Solana, Ethereum, Bitcoin, Exodus, and Atomic Wallet files.
- Stolen data is exfiltrated to `https://telemetry.api-monitor[.]com/v1/telemetry` and an ICP canister endpoint with ID `cjn37-uyaaa-aaaac-qgnva-cai`.
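
The following is an added example, not code from the original report or from the affected project: a lockfile triage that uses the package names and exfiltration indicators listed above. It assumes the npm lockfile v2/v3 layout (a `packages` map with the `hasInstallScript` flag); the article gives no affected version numbers, so any version of the named packages is flagged, and the sample lockfile, its package names ending in `-example`, and its version strings are constructed.

```javascript
// Added example: triage an npm lockfile (v2/v3) against this article's indicators.
// Package names and IoCs come from the article; everything in sampleLock is constructed.
const AFFECTED = new Set(['@automagik/genie', 'pgserve']); // no versions given, so match any
const IOCS = ['telemetry.api-monitor[.]com', 'cjn37-uyaaa-aaaac-qgnva-cai']
  .map((s) => s.replace(/\[\.\]/g, '.')); // refang the domain for matching

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"; root ("") and workspace paths -> null
function packageNameFromLockPath(lockPath) {
  const marker = 'node_modules/';
  const i = lockPath.lastIndexOf(marker);
  return i === -1 ? null : lockPath.slice(i + marker.length);
}

// Returns one finding per package that is named in the article or can run code at install time.
function triageLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = packageNameFromLockPath(path);
    if (name === null) continue;
    const reasons = [];
    if (AFFECTED.has(name)) reasons.push('affected-package');
    if (meta.hasInstallScript === true) reasons.push('install-script');
    if (reasons.length > 0) findings.push({ path, name, version: meta.version, reasons });
  }
  return findings;
}

// Returns the article's exfiltration indicators that appear in a file's text.
function findIocs(text) {
  const haystack = String(text).toLowerCase();
  return IOCS.filter((ioc) => haystack.includes(ioc));
}

// Constructed sample input (hypothetical project, placeholder versions).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/plain-lib-example': { version: '0.0.0-example' },
    'node_modules/native-addon-example': { version: '0.0.0-example', hasInstallScript: true },
    'node_modules/tool-example/node_modules/@automagik/genie': { version: '0.0.0-example', hasInstallScript: true },
    'node_modules/pgserve': { version: '0.0.0-example' },
  },
};

for (const f of triageLockfile(sampleLock)) {
  console.log(`${f.name}@${f.version} [${f.reasons.join(', ')}] at ${f.path}`);
}
```

An `install-script` finding on its own is not an indicator of compromise; it is the review queue of packages that can execute code at install time, which is the entry point this malware relies on.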
Optimistic Outlook
Rapid identification and detailed analysis of this sophisticated CanisterWorm variant can lead to enhanced supply chain security protocols and improved detection mechanisms across the developer ecosystem. This proactive response strengthens defenses against future, similar attacks.
Pessimistic Outlook
The use of advanced techniques like canister-backed command and control and self-propagation logic indicates evolving threat actor capabilities. This could lead to more widespread, harder-to-detect supply chain compromises, posing a continuous and escalating risk to critical development infrastructure.