**Hacker Pranks: Trivy Supply Chain Attack Spreads, Infects 47 npm Packages**
A devastating supply chain attack has left a trail of destruction in its wake, compromising the integrity of 47 npm packages and potentially putting thousands of developers at risk. The malicious actor, believed to be part of the TeamPCP cloud-focused cybercriminal operation, exploited a vulnerability in Trivy's GitHub account to inject malware into several high-profile projects.
According to reports, the attack began on March 19 when threat actors used compromised credentials to force-push malicious dependencies into trivy-action tags and setup-trivy tags. The malware, which has been dubbed CanisterWorm, was designed to spread rapidly across npm packages, leveraging a postinstall hook to execute a loader that dropped a Python backdoor.
**A Complex Web of Vulnerabilities**
The attack on Trivy's GitHub account is believed to have stemmed from a separate compromise last month. In this incident, attackers managed to obtain write access to the Trivy account, allowing them to force-update version tags and inject malicious commits. Although maintainers rotated tokens and secrets in response, the process was not fully "atomic," leaving behind credential artifacts that could be used maliciously.
The compromised Trivy VS Code extension allowed attackers to perform authenticated operations, including force-pushing existing version tags to point to new malicious commits. This tactic enabled the threat actor to maximize their blast radius, infecting 47 npm packages in the process.
**A Self-Propagating Worm**
One of the most concerning aspects of this attack is the self-propagating nature of CanisterWorm. Once installed, the malware uses a systemd user service to automatically start the Python backdoor after a 5-second delay. The service masquerades as PostgreSQL tooling ("pgmon") in an attempt to fly under the radar.
In tandem with the backdoor, the packages come with a "deploy.js" file that attackers use manually to spread the malicious payload to every package a stolen npm token provides access to. This approach allows the worm to propagate rapidly across the npm ecosystem, potentially putting thousands of developers at risk.
**The Fallout**
The potential fallout from this attack is severe. Trivy's maintainer has confirmed that all compromised packages have been removed from affected registries and channels. However, the damage may already be done, with many developers potentially having installed malicious versions of trivy-action tags or setup-trivy tags.
Security firms Socket and Wiz have warned that any CI/CD pipeline using software that references compromised version tags executes code as soon as the Trivy scan is run. This means that attackers could potentially gain access to sensitive data, including GitHub tokens, cloud credentials, SSH keys, Kubernetes tokens, and more.
**Lessons Learned**
This attack highlights the importance of supply chain security in preventing large-scale breaches. It also underscores the need for developers to be vigilant when working with third-party dependencies and to regularly review their pipeline secrets for potential compromise.
As Aikido Security researcher Charlie Eriksen noted, "Every developer or CI pipeline that installs this package and has an npm token accessible becomes an unwitting propagation vector. Their packages get infected, their downstream users install those, and if any of them have tokens, the cycle repeats."
**Conclusion**
The Trivy supply chain attack is a stark reminder of the dangers of compromised dependencies and the importance of prioritizing security in software development. As we continue to navigate the complex world of cybersecurity, it's essential that developers remain vigilant and take proactive steps to prevent similar attacks from occurring in the future.
In the meantime, maintainers are urged to rotate their pipeline secrets immediately and review their dependencies for potential compromise. By working together, we can prevent the spread of malicious code and ensure a safer, more secure development ecosystem for all.