Another npm supply chain worm is tearing through dev environments

Plus, the payload references 'TeamPCP/LiteLLM method'

Jessica Lyons
Wed 22 Apr 2026 // 22:34 UTC

Yet another npm supply-chain attack is worming its way through compromised packages, stealing secrets and sensitive data as it moves through developers' environments, and it shares significant overlap with the open source infections attributed to TeamPCP last month.

Application security vendors Socket and StepSecurity say a self-propagating CanisterWorm-style malware strain hit multiple npm packages tied to Namastex Labs, an agentic AI company.

The campaign appears to target specialized developer workflows as opposed to broad consumer npm usage, with compromised packages including:

@automagik/genie@4.260421.33 through 4.260421.39
pgserve@1.1.11 through 1.1.13
@fairwords/websocket@1.0.38 and 1.0.39
@fairwords/loopback-connector-es@1.4.3 and 1.4.4
@openwebconcept/design-tokens@1.0.3
@openwebconcept/theme-owc@1.0.3

Additional malicious versions are still being published and identified by the security shops, and as such the full scope of the supply chain attack remains under investigation.

The compromised pgserve versions were initially published on April 21 at 22:14 UTC, followed by two more malicious releases of the same package later that day, according to StepSecurity.

Socket says this latest worm-enabled security incident shares several similarities with the earlier CanisterWorm infections attributed to TeamPCP following the threat actor's Trivy supply chain attack last month. These were dubbed the CanisterWorm attacks because the attackers used an ICP canister to deliver additional payloads and exfiltrate stolen data.
While the canister used in the Namastex-linked packages is not the exact same one Socket documented in the earlier CanisterWorm campaign linked to TeamPCP, Socket's research team noted 'strong overlap' in attack techniques, tradecraft, and code lineage – but stopped short of attributing the latest npm package infections to TeamPCP.

"In this newly discovered npm incident, the malware uses the same core adversarial methods: install-time execution, credential theft from developer environments, off-host exfiltration, canister-backed infrastructure, and self-propagation logic intended to compromise additional packages," Socket wrote. "The overlap is notable enough on its own, and malicious packages included an explicit code reference to a TeamPCP/LiteLLM method inside the malicious payload."

Specifically, the payload references a "TeamPCP/LiteLLM method" for .pth file injection.

The malware collects tokens, credentials, API and SSH keys, and other secrets for cloud services, CI/CD systems, registries, Kubernetes and Docker configurations, and LLM platforms. It then exfiltrates stolen data to both a conventional webhook and an ICP canister endpoint, using the hardcoded canister ID cjn37-uyaaa-aaaac-qgnva-cai.

Additionally, it attempts to steal browser extension data associated with MetaMask and Phantom, along with local cryptocurrency wallet files including Solana, Ethereum, Bitcoin, Exodus, and Atomic Wallet data.

Plus, it contains logic to extract npm tokens from a developer's machine, identify packages the victim can publish, inject a new payload into those, and then republish the now-malicious packages.
If the malware discovers PyPI credentials on victims' machines, it uses a similar self-propagation method to upload malicious Python packages as well.

"In other words, this is not just a credential stealer," Socket warned. "It is designed to turn one compromised developer environment into additional package compromises."
A self-propagating npm supply chain worm, sharing significant overlap with the earlier CanisterWorm attacks attributed to TeamPCP, is compromising packages to steal credentials and sensitive data from developer environments via install-time execution. Affected versions include @automagik/genie@4.260421.33 through 4.260421.39, pgserve@1.1.11 through 1.1.13, @fairwords/websocket@1.0.38 and 1.0.39, @fairwords/loopback-connector-es@1.4.3 and 1.4.4, @openwebconcept/design-tokens@1.0.3, and @openwebconcept/theme-owc@1.0.3. The full scope is still under investigation; users should immediately audit for and remove the listed malicious package versions and monitor for further updates from security vendors.
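One way to run the audit described above, as an added example that is not code from the article, Socket or StepSecurity: it checks an already-parsed package-lock.json against the affected versions listed in the article. The function names and the sample lockfile are constructed for illustration, and because the scope is still growing, a clean result is provisional.

```javascript
// Added example (not from the article): ranges are the affected versions it lists, inclusive.
const COMPROMISED = new Map([
  ['@automagik/genie', [['4.260421.33', '4.260421.39']]],
  ['pgserve', [['1.1.11', '1.1.13']]],
  ['@fairwords/websocket', [['1.0.38', '1.0.39']]],
  ['@fairwords/loopback-connector-es', [['1.4.3', '1.4.4']]],
  ['@openwebconcept/design-tokens', [['1.0.3', '1.0.3']]],
  ['@openwebconcept/theme-owc', [['1.0.3', '1.0.3']]],
]);
// Numeric x.y.z parse; non-semver specs (git URLs, tarballs) return null.
const parse = (v) => {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
};
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];
function isCompromised(name, version) {
  const v = parse(version);
  const ranges = COMPROMISED.get(name);
  if (!v || !ranges) return false;
  return ranges.some(([lo, hi]) => cmp(v, parse(lo)) >= 0 && cmp(v, parse(hi)) <= 0);
}
// Walks lockfileVersion 2/3 ("packages" map) or 1 (nested "dependencies").
function auditLockfile(lock) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = entry.name || path.split('node_modules/').pop();
    if (isCompromised(name, entry.version)) hits.push({ name, version: entry.version, path });
  }
  const walk = (deps, trail) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const path = `${trail}/${name}`;
      if (isCompromised(name, entry.version)) hits.push({ name, version: entry.version, path });
      walk(entry.dependencies, path);
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return hits;
}
// Constructed sample lockfile (not real project data).
const SAMPLE_LOCK = {
  name: 'demo-app', lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/pgserve': { version: '1.1.12' },
    'node_modules/@fairwords/websocket': { version: '1.0.37' },
    'node_modules/x/node_modules/@automagik/genie': { version: '4.260421.35' },
  },
};
console.log(auditLockfile(SAMPLE_LOCK));
```

Because the payload runs at install time, a match means it may already have executed on that machine, so the secrets the article lists should be treated as exposed rather than only removing the package.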