A new hacking group, TeamPCP, is conducting a sophisticated, persistent campaign using self-propagating malware. The group recently compromised the widely used Trivy vulnerability scanner in a supply-chain attack and is now automatically poisoning npm packages to spread a worm and a data wiper that specifically targets Iranian machines. The campaign demonstrates advanced automation and poses a significant threat to open-source software ecosystems.
Background
Supply-chain attacks targeting open-source repositories and widely used developer tools have become an increasingly common and high-impact threat vector in recent years. These attacks exploit trust in software dependencies to spread malware at scale.
- Source: Ars Technica
- Published: Mar 24, 2026 at 08:38 PM
- Score: 9.0 / 10