TI Mindmap HUB
Threat Intelligence Report

CanisterWorm: npm Publisher Compromise Deploys Backdoor Across 29+ Packages

๐Ÿ“… March 21, 2026 ๐Ÿ“ฐ socket.dev ๐Ÿ” 0 CVE(s) referenced

A sophisticated supply chain attack dubbed CanisterWorm compromised legitimate npm publisher accounts to backdoor over 29 packages, using worm-like propagation and an Internet Computer Protocol (ICP) canister for remote payload delivery and persistent Linux host infection.

vendor

Sign in to access the full report including:
detailed analysis, IOCs, MITRE ATT&CK mapping, and STIX bundle.

๐Ÿ” Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

๐Ÿ“Š Visual Mindmap
๐ŸŽฏ IOC Extraction
โš”๏ธ MITRE ATT&CK TTPs
๐Ÿ“ฆ STIX 2.1 Bundle