Self-propagating malware poisons open source software and wipes Iran-based machines
TL;DR
A hacking group named TeamPCP is spreading a new self-propagating backdoor and data wiper that targets Iranian machines. The group has been using a worm to compromise cloud-hosted platforms for malicious activities such as data exfiltration, ransomware deployment, extortion, and cryptocurrency mining. TeamPCP recently compromised the Trivy vulnerability scanner through a supply-chain attack and spread potent malware that automatically infects new machines without user interaction. The malware targets npm repository access tokens and creates new versions of packages with malicious code. The worm is controlled by a tamper-proof mechanism using an Internet Computer Protocol-based canister, allowing attackers to constantly change control server URLs.