Self-propagating malware wipes Iran-based machines
6 hours ago
- #hacking
- #cybersecurity
- #malware
- A new hacking group named TeamPCP is running a persistent campaign that spreads a unique backdoor and a data wiper targeting machines in Iran.
- TeamPCP first emerged in December, using a worm against insecure cloud-hosted platforms to build proxy and scanning infrastructure for various malicious activities.
- The group is known for its large-scale automation and integration of well-known attack techniques.
- Recently, TeamPCP compromised all versions of the Trivy vulnerability scanner in a supply-chain attack by accessing Aqua Security's GitHub account.
- The group spread worm-enabled malware that automatically infects machines, targeting npm repository tokens and compromising publishable packages with malicious code.
- The malware was observed targeting 28 packages in under 60 seconds and evolved to spread without manual intervention.
- The worm is controlled through a tamper-proof mechanism: a canister hosted on the Internet Computer Protocol, which lets the attackers change the malicious server URLs dynamically.
- Infected machines check in with the canister every 50 minutes.