CanisterWorm Malware Targets CI/CD Pipelines, Includes Iran-Focused Wiper

March 24, 2026 – Rachel Kim, Technology Editor

A self-propagating worm dubbed CanisterWorm, spread through a supply chain attack on the vulnerability scanner Trivy, has been updated with a wiper component designed to target systems in Iran. The development, first reported by Aikido Security, marks a shift in tactics for the financially motivated cybercriminal operation known as TeamPCP and raises questions about the group's evolving motives.

The initial compromise of Trivy, an Aqua Security product, stemmed from an earlier breach of Aqua Security itself in late February. Credentials exposed in that incident were not fully rotated, and TeamPCP used the ones that remained valid to gain control of the GitHub account that distributes Trivy, injecting malicious code into official releases. Because Trivy is routinely run inside CI/CD pipelines – the automated systems that build, test and deploy software – every pipeline that pulled a trojanised release became an unwitting vector for the worm's spread.

“Every developer or CI pipeline that installs this package and has an npm token accessible becomes an unwitting propagation vector,” explained Charlie Eriksen, a researcher at Aikido Security. “Their packages get infected, their downstream users install those, and if any of them have tokens, the cycle repeats.”

As the weekend progressed, TeamPCP updated CanisterWorm to include Kamikaze, a wiper that decides whether to fire based on the host's timezone or default language settings. If a machine is in the Iranian timezone or configured for Farsi, Kamikaze skips the original credential-stealing routine and starts a destructive wipe. On infected hosts with access to a Kubernetes cluster in Iran, the wiper deploys a DaemonSet so that the wipe runs on every node. On non-Kubernetes systems in Iran it executes `rm -rf / --no-preserve-root`, deleting everything the process can reach. On systems outside Iran the worm continues to behave as before, installing a backdoor in Kubernetes environments.
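The two conditions the article describes – an npm token reachable from the CI job (Eriksen's propagation chain) and a DaemonSet that can destroy every node (the Kamikaze wipe) – are both things a defender can check for directly. The audit below is an added example written for this page; it is not code from Aikido Security, Aqua Security or the article, and it does not reproduce any CanisterWorm artifact. The environment variable names, the `.npmrc` contents and the DaemonSet manifest are constructed sample data, and the token regex is modelled on the `npm_` prefix and the older UUID shape that npm uses for its tokens.

```python
"""Audit a CI runner for worm propagation and node-wipe preconditions.

Added example, not code from the article or the vendors it names. Sample data
below is constructed; env var names follow common npm / setup-node conventions.
"""
import re
from typing import Dict, List

# npm tokens: granular tokens carry an "npm_" prefix; legacy tokens were UUIDs.
# Lengths are approximate (assumption) - the check is a heuristic, not an oracle.
NPM_TOKEN_RE = re.compile(
    r"npm_[A-Za-z0-9]{30,}|[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
)
# Variables the npm CLI or the setup-node action read registry auth from (assumption).
TOKEN_ENV_VARS = ("NPM_TOKEN", "NODE_AUTH_TOKEN")


def find_npm_tokens(env: Dict[str, str], npmrc: str) -> List[str]:
    """Return the locations (never the values) where an npm auth token is reachable.

    A job with any hit can publish packages, which is exactly the condition
    Eriksen describes: "has an npm token accessible becomes an unwitting
    propagation vector".
    """
    hits: List[str] = []
    for name, value in env.items():
        if value and (name.upper() in TOKEN_ENV_VARS or NPM_TOKEN_RE.fullmatch(value)):
            hits.append(f"env:{name}")
    for lineno, line in enumerate(npmrc.splitlines(), 1):
        m = re.search(r"_authToken\s*=\s*(\S+)", line)
        if not m:
            continue
        token = m.group(1)
        ref = re.fullmatch(r"\$\{(\w+)\}", token)   # ${VAR} placeholder form
        if ref is None:
            hits.append(f".npmrc:{lineno} (literal token)")
        elif env.get(ref.group(1)):
            hits.append(f".npmrc:{lineno} (via ${ref.group(1)})")
    return hits


def audit_daemonset(manifest: dict) -> List[str]:
    """Return findings for a DaemonSet that could destroy the node it runs on.

    A wipe of every node needs a pod on every node (DaemonSet) that can write
    to the host's root filesystem: a privileged container, a writable hostPath
    mount of "/", or the host PID namespace (which allows nsenter into PID 1).
    """
    findings: List[str] = []
    if manifest.get("kind") != "DaemonSet":
        return findings
    pod = manifest.get("spec", {}).get("template", {}).get("spec", {})
    if pod.get("hostPID"):
        findings.append("pod: hostPID shares the node's PID namespace")
    host_root = {
        v["name"] for v in pod.get("volumes", [])
        if v.get("hostPath", {}).get("path") == "/"
    }
    for c in pod.get("containers", []) + pod.get("initContainers", []):
        if c.get("securityContext", {}).get("privileged"):
            findings.append(f"{c['name']}: privileged container")
        for m in c.get("volumeMounts", []):
            if m.get("name") in host_root and not m.get("readOnly"):
                findings.append(f"{c['name']}: writable mount of host / at {m['mountPath']}")
    return findings


# --- constructed sample data -------------------------------------------------
SAMPLE_ENV = {"PATH": "/usr/bin", "NODE_AUTH_TOKEN": "npm_" + "A" * 36}
SAMPLE_NPMRC = "//registry.npmjs.org/:_authToken=${NODE_AUTH_TOKEN}\nregistry=https://registry.npmjs.org/\n"
SAMPLE_DAEMONSET = {
    "apiVersion": "apps/v1",
    "kind": "DaemonSet",
    "metadata": {"name": "node-agent"},
    "spec": {"template": {"spec": {
        "hostPID": True,
        "volumes": [{"name": "host", "hostPath": {"path": "/"}}],
        "containers": [{
            "name": "worker",
            "image": "busybox",
            "securityContext": {"privileged": True},
            "volumeMounts": [{"name": "host", "mountPath": "/host"}],
        }],
    }}},
}

if __name__ == "__main__":
    for hit in find_npm_tokens(SAMPLE_ENV, SAMPLE_NPMRC):
        print("npm token reachable:", hit)
    for finding in audit_daemonset(SAMPLE_DAEMONSET):
        print("DaemonSet finding:", finding)
```

Run against a real runner by passing `dict(os.environ)` and the contents of `~/.npmrc` to `find_npm_tokens`, and the JSON output of `kubectl get daemonset -A -o json` (one item at a time) to `audit_daemonset`. The point of separating "reachable" from "present" is that a `${NODE_AUTH_TOKEN}` placeholder in `.npmrc` is harmless until the variable is populated, which is why publish tokens belong only in the specific job that publishes, not in every job that runs a scanner.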

While Eriksen noted that there was no immediate evidence of widespread damage in Iran as of Sunday night, he emphasized the “clear potential for large-scale impact if it achieves active spread.” The Internet Computer (ICP) canister used as a command-and-control (C2) server was taken down Sunday night, but Eriksen acknowledged that the infrastructure’s decentralized nature had initially made it resilient to takedown efforts. “It wasn’t as reliable/untouchable as they expected,” he wrote in an email. “But for a while, it would have wiped systems if infected.”

The shift towards targeting Iran is unusual for TeamPCP, which has historically focused on financial gain through data theft and extortion. KrebsOnSecurity reported that the group began compromising corporate cloud environments in December 2025, going after exposed Docker APIs, Kubernetes clusters and Redis servers as well as the React2Shell vulnerability. The security firm Flare noted in January that TeamPCP excels at automating and integrating existing attack techniques and concentrates on cloud infrastructure, particularly Azure (61%) and AWS (36%).

Eriksen expressed uncertainty about the motive behind the wiper attack, suggesting it could be either ideologically driven or a deliberate attempt to attract attention. “While there may be an ideological component, it could just as easily be a deliberate attempt to draw attention to the group,” he wrote. “Historically, TeamPCP has appeared to be financially motivated, but there are signs that visibility is becoming a goal in itself. By going after security tools and open-source projects, including Checkmarx as of today, they are sending a clear and deliberate signal.”

Aqua Security stated it was conducting a more thorough credential purge in response to the initial compromise. The incident highlights how incomplete credential rotation after a breach can hand an attacker the release channel of a widely used tool, and how quickly a compromised security tool can turn the CI/CD pipelines that trust it into a distribution network for the attacker.
