惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
AWS News Blog
AWS News Blog
V
Vulnerabilities – Threatpost
D
Darknet – Hacking Tools, Hacker News & Cyber Security
量子位
博客园 - 叶小钗
AI
AI
T
Tor Project blog
Forbes - Security
Forbes - Security
W
WeLiveSecurity
博客园_首页
爱范儿
爱范儿
J
Java Code Geeks
B
Blog
G
GRAHAM CLULEY
aimingoo的专栏
aimingoo的专栏
Cloudbric
Cloudbric
C
CXSECURITY Database RSS Feed - CXSecurity.com
TaoSecurity Blog
TaoSecurity Blog
L
LINUX DO - 热门话题
阮一峰的网络日志
阮一峰的网络日志
有赞技术团队
有赞技术团队
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Simon Willison's Weblog
Simon Willison's Weblog
云风的 BLOG
云风的 BLOG
Google DeepMind News
Google DeepMind News
H
Help Net Security
博客园 - 三生石上(FineUI控件)
C
Cisco Blogs
C
Cybersecurity and Infrastructure Security Agency CISA
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
P
Palo Alto Networks Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Recent Commits to openclaw:main
Recent Commits to openclaw:main
博客园 - 司徒正美
The Last Watchdog
The Last Watchdog
Blog — PlanetScale
Blog — PlanetScale
T
The Blog of Author Tim Ferriss
S
Secure Thoughts
Spread Privacy
Spread Privacy
F
Fortinet All Blogs
月光博客
月光博客
大猫的无限游戏
大猫的无限游戏
S
SegmentFault 最新的问题
H
Hackread – Cybersecurity News, Data Breaches, AI and More
A
About on SuperTechFans
Security Latest
Security Latest
Webroot Blog
Webroot Blog
Scott Helme
Scott Helme
Hugging Face - Blog
Hugging Face - Blog

2024 Sonatype Blog

Open Source, Open Infrastructure, and the Space Between Request for Comments: CARE and Maven Central Q2 2026 Open Source Malware Index AI Is Forcing a New Open Source Security Model Vulnerability Prioritization Is Missing the AI-Era Point The Hidden National Security Threat Inside AI-Driven Software Miasma Returns: Leo Platform Compromise in npm The Rise of Collective Defense for Open Source Signal Over Noise: Reachability Analysis Is the Reality Check SCA Has Been Missing Software Security Has to Start at Assembly easy-day-js Targets Mastra, Dependency Attacks Grow Open Publishing, Commercial Scale Software Dependency Cooldowns Are a Symptom, Not a Strategy Atomic Arch npm Campaign Adds Malicious Dependency From SBOMs to AI BOMs: Why SPDX 3.0 Matters Mythos Found 10,000 Vulnerabilities. The Bigger Challenge Is Fixing Them New Shai-Hulud Miasma Wave Hits Hundreds of npm Packages Lazarus Group's Latest: Brandjacking Campaign on npm 5 Steps to Turn Your RMF Backlog Into a Continuous ATO: The CSRMC Migration Playbook The AI Race Is Becoming a Remediation Race Red Hat Cloud Services npm Packages Hijacked Inside a 176-Package npm Campaign Built to Beat Your Internal Dependencies AI Is Making Software Autonomous, and Governance Must Follow Your Outdated Repository Still Works, But It May Not Be Safe Hijacked npm Package Attempts to Deliver PolinRider-Linked RAT AppSec Tools Explained: SAST vs SCA vs DAST | Sonatype Managing Open Source Software Risks With the HeroDevs EOL Dashboard Shai-Hulud is Back: Maintainer Accounts Are Still the Soft Target Building Trusted AI Development With Kiro and Sonatype Guide How to Build a Software Supply Chain Security Playbook The Evolution of Open Source Malware: From Volume to Trust Abuse The Mythos AI Vulnerability Storm: What to Do Next Malicious PyTorch Lightning Packages Found on PyPI Why Developer Experience Is the Foundation of DevSecOps Success Open is Not Costless: Reclaiming Sustainable Infrastructure Q1 Updates in Nexus Repository: More Formats, Stronger Operations, and a Better Day-to-Day Experience The Time Is Now to Prepare for CRA Enforcement Sonatype Innovate: Real Peer Connections, Real Product Influence, Real Recognition Mythos and the AI Vulnerability Storm: Exploring the Control Point When AI Writes Code, Who Governs the Dependencies? Why Software Supply Chain Security Requires a New Playbook Q1 2026 Open Source Malware Index: Adaptive Attacks Exploit Trust Modernizing Nexus Repository: Moving Beyond OrientDB AI, DevSecOps, and the Future of Application Security: The Gartner® Report How Sonatype's Container Scanning Protects You From Zero-Days Axios Compromise on npm Introduces Hidden Malicious Package Is Your Repository Ready for What's Next? Autonomous Development and AI: Speed vs. Security Grounded Intelligence Ensures Safe AI Software Development Compromised litellm PyPI Package Delivers Multi-Stage Credential Stealer Golden Pull Requests: Automating Trusted Remediation Without Breaking Builds Sonatype Discovers Two Malicious npm Packages
Self-Propagating npm Malware Turns Trusted Packages Into Attack Paths
research@son · 2026-04-24 · via 2024 Sonatype Blog

TL;DR

  • An open source malware campaign dubbed CanisterSprawl has been observed in npm, stealing sensitive data from developer machines including tokens, API keys, and more.

  • From there, the malware publishes additional compromised packages under hijacked credentials, abusing developer trust in open source ecosystems to spread.

  • Impacted organizations should remove the malware immediately, examine exposed secrets, and monitor for compromised publishing.

A newly disclosed malicious npm campaign (by StepSecurity and Socket), CanisterSprawl, is drawing attention for how effectively it pairs data theft with attempted account abuse, underscoring how quickly a single package install can escalate into broader software supply chain risk. Sonatype caught and quarantined all packages associated with this campaign.

Rather than remaining confined to a single compromised environment, this campaign appears designed to extend its reach by leveraging access gained during installation. That shifts the risk from isolated package malware to a potential pathway for wider ecosystem impact.

This is more than a case of isolated package malware. The immediate concern is the theft of local system and environment data, but what's more consequential is the apparent effort to abuse publisher access, potentially allowing attackers to use a trusted account to distribute additional malicious packages.

What Is Self-Propagating Malware?

Self-propagating malicious packages, sometimes called worm-like malware, do not need to exploit a complex technical weakness to create serious downstream risk. They only need to get installed in a trusted development environment.

Once installed, these packages can inspect the local system, harvest sensitive data, and interact with credentials or configuration files already present on the host.

In the case of CanisterSprawl, the added risk comes from the package's apparent attempt to publish malicious components under the victim's account. That shifts the threat from a single compromised machine to potential ecosystem-wide abuse through trusted publisher channels.

Attacker Automation Turns Stolen Credentials Into Trust Abuse

The malicious packages contain embedded code that executes automatically during installation. Once triggered, the malware:

  • Scans environment variables seeking credentials and developer tokens

  • Harvests browser credentials, crypto wallet data, and configuration files containing credentials

  • Exfiltrates collected data to an external server

  • Attempts to publish malicious packages using the victim’s account

  • Looks for an npm automation token machine and, if found, lists all the packages the token grants ‘write’ access to.

  • Then it downloads the packages, injects the malicious script itself into them, and re-publishes them to the registry. 

Even seemingly basic system data can provide attackers with valuable insight. Environment variables, in particular, often contain API keys, authentication tokens, internal service endpoints, deployment configurations, and other sensitive information.

The attempted publishing behavior is especially notable. It suggests the attacker's goal may not stop at local reconnaissance or data theft, but may extend to reusing compromised access to place new malicious packages into the ecosystem under the cover of a legitimate account.

As of this writing, compromised accounts include:

Downstream Risk and Ecosystem Impact

Any environment that installed the package should be treated as potentially exposed. The most immediate risk is data exfiltration from the host.

However, the more serious downstream concern is whether stolen credentials or access tokens could be used for further malicious activity, including:

  • Unauthorized package publishing.

  • Account takeover or abuse.

  • Lateral movement into other systems or services.

  • Compromise of downstream consumers.

This risk is amplified in developer and CI/CD environments, where environment variables and local configurations often contain privileged credentials. A single successful installation in these contexts can have cascading effects well beyond the original system.

This incident also reinforces how effective package impersonation remains. By mimicking legitimate dependencies, malicious packages can blend into routine workflows. In fast-moving development environments, a minor naming discrepancy can be enough to trigger execution within a trusted pipeline.

Recommended Actions

If your environment installed a malicious package, remove it immediately. Because this campaign steals sensitive data, organizations that have been impacted should also:

  • Investigate what data may have been exposed from the affected host.

  • Rotate any potentially compromised credentials, tokens, or API keys.

  • Review environment variables and local credentials for possible compromise.

  • Audit account activity for unauthorized publishing or access.

  • Verify dependency names and sources before reinstalling packages.

  • Confirm manifests and lockfiles do not reference an impersonating package.

How Sonatype Helps Protect Against This Growing Pattern

Modern package-based attacks are increasingly designed to appear benign long enough to gain execution in environments that already contain valuable secrets and privileged access. Once inside, even lightweight malicious behavior can have outsized consequences.

That is why incidents like CanisterSprawl matter.

The package itself is only the entry point. The real target is the surrounding environment: credentials, tokens, and trusted access paths.

Defending against this type of threat requires more than manual review or reactive controls. Organizations need the ability to identify and block malicious components before they are introduced into developer and build environments.

Security controls that evaluate component risk at the point of consumption can help prevent install-time malware from executing. Combined with high-quality package intelligence, these controls enable teams to distinguish legitimate dependencies from lookalikes and other high-risk components.

In fast-moving ecosystems like npm and PyPI, that proactive approach is critical. Once a malicious package reaches a trusted environment, the problem is no longer just a bad dependency. It becomes a broader incident involving exposed secrets, compromised accounts, and potential downstream impact.

Tags