Articles / Security

TeamPCP 蠕虫毒化开源 npm 包,部署专门针对伊朗机器的神风擦除器

Available in: 中文
2026-03-29T20:56:24.980Z·1 min read
TeamPCP 入侵 Trivy 扫描器供应链,蠕虫利用被盗 npm 令牌自动传播,部署仅针对伊朗的 Kamikaze 擦除器。

黑客组织 TeamPCP 入侵 Aqua Security GitHub 账户 compromising 广泛使用的 Trivy 漏洞扫描器;通过 CanisterWorm 利用被盗 npm 令牌自动传播,60 秒内针对 28 个包。

Kamikaze 擦除器仅在检测到伊朗时区或配置时激活:Kubernetes 集群擦除所有节点,非 K8s 执行全盘擦除。其他地区仅安装后门或不执行任何操作。

TeamPCP 此前以金融动机为主,伊朗定向擦除器动机不明。研究建议:开发组织检查 npm 令牌,审计 CI/CD 管道中 Trivy 版本。

↗ Original source · 2026-03-29T00:00:00.000Z
malwaresupplychainnpmtrivyteampcpwormirancybersecurity
← Previous: Chatbot Sycophancy Found in 80%+ Messages During Delusional Conversations, Harms User Mental HealthNext: Wall Street Panic: VIX Spikes, Hedge Funds Dump Stocks as Goldman Sachs Warns of Bleak Equity Outlook →

Related Articles

Hacker compromises A16Z-backed phone farm, calling them the 'antichrist']
2026-04-14T04:44:56.014Z · Security
[36kr] 中信建投:受益军工补库/安全备货,持续看好战略金属投资机遇
2026-04-14T00:10:06.680Z · Security
The Dumbest Hack of the Year Exposed a Very Real Problem
2026-04-13T10:44:58.114Z · Security
Rockstar Games says hack will have ‘no impact’
2026-04-12T17:27:47.774Z · Security
Brocards for Vulnerability Triage]
2026-04-12T01:38:17.186Z · Security
Comments0