npm Packages Hit with TeamPCP-Style CanisterWorm Malware
Malicious npm packages associated with Namastex.ai were compromised with malware exhibiting tradecraft similar to TeamPCP's CanisterWorm campaign. The attack targeted packages including @automagik/genie and pgserve, implementing install-time execution that harvests credentials, environment variables, SSH keys, cloud credentials, browser data, and crypto-wallet artifacts. The payload exfiltrates stolen data to both a conventional webhook at telemetry.api-monitor.com and an Internet Computer Protocol canister endpoint. It incorporates self-propagation logic to compromise additional npm packages using stolen publishing tokens and includes cross-ecosystem spreading capabilities targeting PyPI. The malware uses hybrid encryption with RSA and AES-256-CBC for data exfiltration. Multiple package namespaces were affected, suggesting shared infrastructure or coordinated compromise across publisher accounts.
AI Analysis (machine-generated threat intelligence)
Technical Summary
This threat involves malicious npm packages associated with Namastex.ai that have been compromised with malware exhibiting tradecraft similar to the TeamPCP CanisterWorm campaign. The attack targets npm packages such as @automagik/genie and pgserve, executing code during installation to harvest sensitive data including credentials, environment variables, SSH keys, cloud credentials, browser data, and crypto-wallet artifacts. Stolen data is exfiltrated to both a traditional webhook endpoint at telemetry.api-monitor.com and an Internet Computer Protocol (ICP) canister endpoint. The malware incorporates self-propagation mechanisms by using stolen publishing tokens to compromise additional npm packages and extends its reach to PyPI packages, indicating cross-ecosystem spreading capabilities. Data exfiltration employs hybrid encryption using RSA and AES-256-CBC. The compromise affects multiple package namespaces, suggesting either shared infrastructure or coordinated attacks across publisher accounts. Indicators include specific hashes and domains related to the malware infrastructure. No known exploits in the wild or vendor advisories with patches are currently documented.
Potential Impact
The malware harvests a wide range of sensitive information, including credentials, environment variables, SSH keys, cloud credentials, browser data, and crypto-wallet artifacts, potentially leading to credential theft, unauthorized access, and further compromise of development environments and cloud resources. Its self-propagating behaviour increases the risk of widespread supply-chain contamination across the npm and PyPI ecosystems. The use of hybrid encryption for exfiltration complicates detection and analysis of what was stolen. The fact that multiple package namespaces were affected indicates a broad impact on the software supply chain around the affected packages.
Mitigation Recommendations
Patch status is not yet confirmed; check the vendor advisory for current remediation guidance. In the absence of official patches or advisories, audit and verify the integrity of npm packages before installation, especially those associated with Namastex.ai and the identified compromised packages (@automagik/genie and pgserve). Revoke and rotate any publishing tokens that may have been compromised, to prevent further propagation. Monitor for the indicators of compromise listed below (hashes, URLs and domains). Consider isolating build environments and restricting automated publishing workflows until the threat is fully mitigated. Follow updates from trusted security sources and vendor advisories for official remediation steps.
Indicators of Compromise
- hash: 834b6e5db5710b9308d0598978a0148a9dc832361f1fa0b7ad4343dcceba2812
- hash: 87259b0d1d017ad8b8daa7c177c2d9f0940e457f8dd1ab3abab3681e433ca88e
- hash: c19c4574d09e60636425f9555d3b63e8cb5c9d63ceb1c982c35e5a310c97a839
- url: http://cjn37-uyaaa-aaaac-qgnva-cai.raw.icp0.io/drop
- url: https://telemetry.api-monitor.com/v1/drop
- url: https://telemetry.api-monitor.com/v1/telemetry
- url: https://telemetry.api-monitor.com/v1/telemetry'
- domain: cjn37-uyaaa-aaaac-qgnva-cai.raw.icp0.io
- domain: telemetry.api-monitor.com
Technical Details
- Author: AlienVault
- TLP: white
- References: https://socket.dev/blog/namastex-npm-packages-compromised-canisterworm
- Adversary: TeamPCP
- Pulse Id: 69e8f5ba273a5389cb4d03f5
- Threat Score: null
Threat ID: 69e9e47e87115cfb68f3d15a
Added to database: 4/23/2026, 9:21:02 AM
Last enriched: 4/23/2026, 9:36:06 AM
Last updated: 4/24/2026, 6:06:01 AM