> TritonInfoSec News
Home / Apr 23, 2026 / Story
0
#5 BleepingComputer general April 22, 2026 at 12:57 UTC

New npm supply-chain attack self-spreads to steal auth tokens

By Bill Toulas

AI Summary

Socket and StepSecurity detected "CanisterSprawl," a self-propagating supply chain worm attacking the npm ecosystem that steals developer authentication tokens and spreads through compromised packages. The malware uses an Internet Computer Protocol (ICP) canister to exfiltrate stolen credentials and automatically publishes new malicious packages from hijacked developer accounts.

Read full article → https://www.bleepingcomputer.com/news/security/new…

Relevance score: 85.0/100

# More from April 23

  1. 1
    Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack The Hacker News
  2. 2
    Kyber ransomware gang toys with post-quantum encryption on Windows BleepingComputer
  3. 3
    Microsoft releases emergency patches for critical ASP.NET flaw BleepingComputer
  4. 4
    New Mirai campaign exploits RCE flaw in EoL D-Link routers BleepingComputer
  5. 6
    Hackers deployed wiper malware in destructive attacks on Venezuela’s energy sector The Record
  6. 7
    New GoGra malware for Linux uses Microsoft Graph API for comms BleepingComputer
  7. 8
    Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks BleepingComputer
  8. 9
    Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles The Hacker News
  9. 10
    Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens The Hacker News