
"CanisterWorm, as Aikido has named the malware, targets organizations' CI/CD pipelines used for rapid development and deployment of software. Every developer or CI pipeline that installs this package and has an npm token accessible becomes an unwitting propagation vector."
"When the updated worm infects machines, it checks if the machine is in the Iranian timezone or is configured for use in that country. When either condition was met, the malware no longer activated the credential stealer and instead triggered a novel wiper that TeamPCP developers named Kamikaze."
"Eriksen said in an email that there's no indication yet that the worm caused actual damage to Iranian machines, but that there was clear potential for large-scale impact if it achieves active spread."
"TeamPCP's targeting of a country that the US is currently at war with is a curious choice. Up to now the group's motivation has been financial gain."
CanisterWorm, a malware targeting CI/CD pipelines, was taken down after being deemed unreliable. Any developer machine or CI pipeline that installs the infected package while an npm token is accessible can republish it, creating a propagation cycle. An updated version of the worm checks whether the machine is in the Iranian timezone or is otherwise configured for Iran; when either condition is met, it skips the credential stealer and instead runs a wiper that TeamPCP named Kamikaze. While no damage has been reported, the potential for large-scale impact exists if the worm spreads actively. TeamPCP's shift from financial motives to targeting Iran raises questions about its intentions.
Read at Ars Technica