
"Application security vendors Socket and StepSecurity say a self-propagating CanisterWorm-style malware strain hit multiple npm packages tied to Namastex Labs, an agentic AI company."
"Socket says this latest worm-enabled security incident shares several similarities with the earlier CanisterWorm infections attributed to TeamPCP following the threat actor's Trivy supply chain attack last month."
"While the canister used in the Namastex-linked packages is not the exact same one Socket documented in the earlier CanisterWorm campaign linked to TeamPCP, Socket's research team noted 'strong overlap' in attack techniques, tradecraft, and code lineage."
A self-propagating malware strain has compromised several npm packages associated with Namastex Labs, an agentic AI company, targeting the developer workflows that pull those packages in. Multiple versions of packages such as @automagik/genie and pgserve are affected. Security vendors Socket and StepSecurity report that the malware shares techniques with the earlier CanisterWorm infections attributed to TeamPCP. The full extent of the attack is still under investigation, and additional malicious versions are still being identified. The compromised packages were published on April 21, and the attack employs adversarial methods similar to those seen in the previous incidents.
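The first question a practitioner has after a report like this is whether any of the named packages are in their own dependency tree, including as transitive dependencies that do not appear in package.json. The script below is an added example written for this page, not code from The Register, Socket, StepSecurity or Namastex Labs. It walks an npm package-lock.json (lockfileVersion 1, 2 or 3) and reports every occurrence of a watchlisted package name. The watchlist holds the two names the article mentions; because the affected version list is not given on this page, every installed version is flagged for manual comparison against the vendors' advisories. The two embedded lockfiles and their version numbers are constructed test data, not real published versions.

```python
"""Report watchlisted npm packages found in a package-lock.json (any lockfileVersion)."""
import json
import sys

# Package names taken from the report. Affected versions are not listed on this page,
# so the script flags *every* installed version for manual review against the advisories.
WATCHLIST = {"@automagik/genie", "pgserve"}


def package_name_from_path(path):
    """Derive the package name from a lockfile v2/v3 'packages' key.

    'node_modules/a/node_modules/@scope/b' -> '@scope/b'; '' (the root project) -> None.
    """
    if not path:
        return None
    return path.split("node_modules/")[-1].rstrip("/")


def find_watched_packages(lock, watchlist=WATCHLIST):
    """Return sorted (name, version, install_path) tuples for watchlisted packages.

    Handles the flat 'packages' map of lockfileVersion 2/3 and the nested
    'dependencies' tree of lockfileVersion 1, so transitive installs are found too.
    """
    hits = []
    packages = lock.get("packages")
    if packages is not None:
        for path, meta in packages.items():
            # Aliased installs carry an explicit 'name'; otherwise derive it from the path.
            name = meta.get("name") or package_name_from_path(path)
            if name in watchlist:
                hits.append((name, meta.get("version"), path))
    else:
        def walk(deps, prefix):
            for name, meta in deps.items():
                path = prefix + "node_modules/" + name
                if name in watchlist:
                    hits.append((name, meta.get("version"), path))
                walk(meta.get("dependencies", {}), path + "/")
        walk(lock.get("dependencies", {}), "")
    return sorted(hits)


def report(hits):
    """Human-readable lines for the findings (one per hit, or a single all-clear line)."""
    if not hits:
        return ["no watchlisted packages found"]
    return [f"REVIEW {name}@{version} at {path}" for name, version, path in hits]


# Constructed sample lockfiles (versions are made up); pgserve is only a transitive dependency.
SAMPLE_LOCK_V3 = {
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app", "version": "1.0.0",
             "dependencies": {"@automagik/genie": "^1.0.0", "left-pad": "^1.3.0"}},
        "node_modules/@automagik/genie": {"version": "1.2.3"},
        "node_modules/left-pad": {"version": "1.3.0"},
        "node_modules/left-pad/node_modules/pgserve": {"version": "0.4.1"},
    },
}

SAMPLE_LOCK_V1 = {
    "lockfileVersion": 1,
    "dependencies": {
        "left-pad": {"version": "1.3.0",
                     "dependencies": {"pgserve": {"version": "0.4.1"}}},
    },
}


if __name__ == "__main__":
    # Usage: python scan_lock.py path/to/package-lock.json  (no argument: scan the samples)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            locks = [json.load(fh)]
    else:
        locks = [SAMPLE_LOCK_V3, SAMPLE_LOCK_V1]
    for lock in locks:
        for line in report(find_watched_packages(lock)):
            print(line)
```

The scan is deliberately name-based rather than version-based: when an incident is still unfolding and "additional malicious versions are being identified", a version allowlist goes stale quickly, whereas any presence of the package is worth a look. Pair it with a freeze on `npm install` for those names (for example via overrides or a registry block) until the affected version list is final.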
Read at Theregister