‘CanisterWorm’ Springs Wiper Assault Concentrating on Iran – Krebs on Safety

A financially motivated information theft and extortion group is making an attempt to inject itself into the Iran warfare, unleashing a worm that spreads by means of poorly secured cloud companies and wipes information on contaminated programs that use Iran’s time zone or have Farsi set because the default language.

Specialists say the wiper marketing campaign in opposition to Iran materialized this previous weekend and got here from a comparatively new cybercrime group often known as TeamPCP. In December 2025, the group started compromising company cloud environments utilizing a self-propagating worm that went after uncovered Docker APIs, Kubernetes clusters, Redis servers, and the React2Shell vulnerability. TeamPCP then tried to maneuver laterally by means of sufferer networks, siphoning authentication credentials and extorting victims over Telegram.

A snippet of the malicious CanisterWorm that seeks out and destroys information on programs that match Iran’s timezone or have Farsi because the default language. Picture: Aikido.dev.

In a profile of TeamPCP revealed in January, the safety agency Flare stated the group weaponizes uncovered management planes moderately than exploiting endpoints, predominantly concentrating on cloud infrastructure over end-user gadgets, with Azure (61%) and AWS (36%) accounting for 97% of compromised servers.

“TeamPCP’s energy doesn’t come from novel exploits or authentic malware, however from the large-scale automation and integration of well-known assault methods,” Flare’s Assaf Morag wrote. “The group industrializes current vulnerabilities, misconfigurations, and recycled tooling right into a cloud-native exploitation platform that turns uncovered infrastructure right into a self-propagating legal ecosystem.”

On March 19, TeamPCP executed a provide chain assault in opposition to the vulnerability scanner Trivy from Aqua Safety, injecting credential-stealing malware into official releases on GitHub actions. Aqua Safety stated it has since removed the dangerous information, however the safety agency Wiz notes the attackers have been capable of publish malicious variations that snarfed SSH keys, cloud credentials, Kubernetes tokens and cryptocurrency wallets from customers.

Over the weekend, the identical technical infrastructure TeamPCP used within the Trivy assault was leveraged to deploy a brand new malicious payload which executes a wiper assault if the consumer’s timezone and locale are decided to correspond to Iran, stated Charlie Eriksen, a safety researcher at Aikido. In a blog post revealed on Sunday, Eriksen stated if the wiper element detects that the sufferer is in Iran and has entry to a Kubernetes cluster, it can destroy information on each node in that cluster.

“If it doesn’t it can simply wipe the native machine,” Eriksen instructed KrebsOnSecurity.

Picture: Aikido.dev.

Aikido refers to TeamPCP’s infrastructure as “CanisterWorm” as a result of the group orchestrates their campaigns utilizing an Internet Computer Protocol (ICP) canister — a system of tamperproof, blockchain-based “sensible contracts” that mix each code and information. ICP canisters can serve Net content material on to guests, and their distributed structure makes them proof against takedown makes an attempt. These canisters will stay reachable as long as their operators proceed to pay digital foreign money charges to maintain them on-line.

Eriksen stated the folks behind TeamPCP are bragging about their exploits in a bunch on Telegram and declare to have used the worm to steal huge quantities of delicate information from main corporations, together with a big multinational pharmaceutical agency.

“After they compromised Aqua a second time, they took lots of GitHub accounts and began spamming these with junk messages,” Eriksen stated. “It was virtually like they have been simply displaying off how a lot entry that they had. Clearly, they’ve a whole stash of those credentials, and what we’ve seen to this point might be a small pattern of what they’ve.”

Safety specialists say the spammed GitHub messages might be a means for TeamPCP to make sure that any code packages tainted with their malware will stay distinguished in GitHub searches. In a e-newsletter revealed immediately titled GitHub is Starting to Have a Real Malware Problem, Dangerous Enterprise reporter Catalin Cimpanu writes that attackers typically are seen pushing meaningless commits to their repos or utilizing on-line companies that promote GitHub stars and “likes” to maintain malicious packages on the prime of the GitHub search web page.

This weekend’s outbreak is the second major supply chain attack involving Trivy in as many months. On the finish of February, Trivy was hit as a part of an automatic risk referred to as HackerBot-Claw, which mass exploited misconfigured workflows in GitHub Actions to steal authentication tokens.

Eriksen stated it seems TeamPCP used entry gained within the first assault on Aqua Safety to perpetrate this weekend’s mischief. However he stated there is no such thing as a dependable solution to inform whether or not TeamPCP’s wiper really succeeded in trashing any information from sufferer programs, and that the malicious payload was solely lively for a short while over the weekend.

“They’ve been taking [the malicious code] up and down, quickly altering it including new options,” Eriksen stated, noting that when the malicious canister wasn’t serving up malware downloads it was pointing guests to a Rick Roll video on YouTube.

“It’s just a little all over, and there’s an opportunity this complete Iran factor is simply their means of getting consideration,” Eriksen stated. “I really feel like these persons are actually enjoying this Chaotic Evil function right here.”

Cimpanu noticed that provide chain assaults have elevated in frequency of late as risk actors start to know simply how environment friendly they are often, and his submit paperwork an alarming variety of these incidents since 2024.

“Whereas safety corporations look like doing an excellent job recognizing this, we’re additionally gonna want GitHub’s safety staff to step up,” Cimpanu wrote. “Sadly, on a platform designed to repeat (fork) a challenge and create new variations of it (clones), recognizing malicious additions to clones of legit repos could be fairly the engineering drawback to repair.”

Replace, 2:40 p.m. ET: Wiz is reporting that TeamPCP additionally pushed credential stealing malware to the KICS vulnerability scanner from Checkmarx, and that the scanner’s GitHub Motion was compromised between 12:58 and 16:50 UTC immediately (March twenty third).