Stopping Self-Spreading Worms When You Can't Kill the Server

On March 20, 2026, Aikido Security detected CanisterWorm spreading across the npm ecosystem. Within hours, it had compromised more than 50 packages across multiple scopes. The attack used the Internet Computer Protocol (ICP) for command-and-control—a decentralized blockchain network that doesn't have a single server you can take down.

This isn't theoretical. TeamPCP exploited a GitHub Actions misconfiguration in Trivy, a widely-used vulnerability scanner, to seed the initial infection. From there, the worm used stolen npm tokens to publish malicious versions of legitimate packages. Traditional response strategies assume you can sinkhole a domain or seize a server. Those assumptions just broke.

Here's how to defend against decentralized C2 infrastructure and self-propagating supply chain attacks when the old strategies don't work.

Preparation Checklist

Infrastructure Access:

• Read/write access to your npm organization settings
• Admin rights to GitHub Actions workflows across repositories
• Access to your artifact registry (npm Enterprise, Artifactory, or similar)
• Network egress controls (firewall rules, proxy configurations)

Tools:

• Socket.dev, Snyk, or similar dependency analysis platform with real-time monitoring
• SIEM with npm audit log ingestion capability
• Version control for package-lock.json files across all projects

Information:

• Complete inventory of npm scopes your organization publishes under
• List of all npm tokens in use (automation, CI/CD, developer machines)
• Documentation of which packages your team maintains vs. consumes

Step-by-Step Implementation

1. Lock Down Token Propagation

The worm spreads by stealing npm tokens from CI/CD environments and using them to publish malicious versions. Break this chain first.

Rotate all npm tokens immediately:

# List all tokens
npm token list

# Revoke each token
npm token revoke <token-id>

# Create new tokens with IP restrictions
npm token create --cidr=<your-ci-ip-range>

Configure GitHub Actions to use short-lived tokens:

Replace static NPM_TOKEN secrets with GitHub's OIDC provider. In your workflow:

permissions:
  id-token: write
  contents: read

- name: Configure npm authentication
  run: |
    echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > ~/.npmrc
  env:
    NPM_TOKEN: ${{ secrets.NPM_PUBLISH_TOKEN }}

Then set token expiration in your npm organization settings to 1 hour maximum. Any token older than this should trigger an alert.

2. Implement Egress Filtering for Blockchain Networks

Decentralized C2 infrastructure communicates over non-standard protocols. ICP uses specific network identifiers that you can block.

Add egress rules to your network firewall:

Block outbound connections to ICP boundary nodes. The protocol uses HTTPS to specific domains, but also direct connections to node IPs. Work with your network team to:

• Block connections to known ICP boundary node domains (these change, so use threat intelligence feeds)
• Restrict outbound HTTPS to approved destinations only from CI/CD runners
• Monitor for DNS queries to .ic0.app and .raw.ic0.app domains

In AWS Security Groups:

aws ec2 revoke-security-group-egress \
  --group-id sg-xxxxx \
  --ip-permissions IpProtocol=tcp,FromPort=443,ToPort=443,IpRanges='[{CidrIp=0.0.0.0/0}]'

aws ec2 authorize-security-group-egress \
  --group-id sg-xxxxx \
  --ip-permissions IpProtocol=tcp,FromPort=443,ToPort=443,IpRanges='[{CidrIp=<your-approved-registry-ip>/32}]'

3. Secure CI/CD Pipeline Configuration

TeamPCP exploited a GitHub Actions misconfiguration. Audit every workflow file in your repositories.

Check for these specific vulnerabilities:

# Find workflows with overly permissive token access
grep -r "permissions:" .github/workflows/
# Look for: permissions: write-all or missing permissions block

# Find workflows that install dependencies without verification
grep -r "npm install" .github/workflows/
# Should see --ignore-scripts flag

Fix each workflow:

• Add explicit permissions: blocks with minimum required scopes
• Use npm ci --ignore-scripts instead of npm install
• Pin action versions to commit SHAs, not tags: uses: actions/setup-node@abc123 not @v3
• Enable branch protection requiring PR reviews for .github/workflows/ changes

4. Deploy Runtime Package Verification

Install verification at the point packages are consumed, not just when they're published.

Add a postinstall verification script to your projects:

{
  "scripts": {
    "postinstall": "node verify-packages.js"
  }
}

In verify-packages.js:

const crypto = require('crypto');
const fs = require('fs');

// Check package-lock.json hasn't been modified
const lockfile = fs.readFileSync('package-lock.json');
const hash = crypto.createHash('sha256').update(lockfile).digest('hex');

// Compare against known-good hash stored in version control
const expectedHash = process.env.EXPECTED_LOCK_HASH;
if (hash !== expectedHash) {
  console.error('package-lock.json integrity check failed');
  process.exit(1);
}

Store the expected hash in your CI/CD secrets, update it only through PR review.

Validation - How to Verify It Works

Test token restrictions: Attempt to publish a test package using an old token. This should fail:

npm publish --dry-run
# Expected: 401 Unauthorized

Test egress controls: From a CI/CD runner, attempt to connect to an ICP boundary node:

curl -v https://ic0.app
# Expected: Connection timeout or refused

Test workflow permissions: Create a PR that modifies a workflow file. Verify it requires review and cannot be merged by the PR author.

Monitor for anomalies: Set up alerts in your SIEM for:

• npm package publishes outside business hours
• Package version bumps without corresponding git tags
• Dependency installations that modify package-lock.json
• Outbound connections to blockchain-related domains from CI/CD infrastructure

Maintenance / Ongoing Tasks

Daily:

• Review npm audit logs for unexpected publishes
• Check SIEM alerts for blocked egress attempts to decentralized networks

Weekly:

• Audit npm token list for tokens older than 7 days
• Review dependency changes across all projects (use npm audit or Socket.dev dashboard)
• Verify no new GitHub Actions workflows were added without review

Monthly:

• Rotate all npm tokens (automate this)
• Update egress filtering rules with latest threat intelligence on decentralized C2 infrastructure
• Review and update the list of approved external registries

Quarterly:

• Full audit of all GitHub Actions configurations
• Penetration test focusing on CI/CD token theft scenarios
• Review and update incident response procedures for supply chain attacks

The shift to decentralized C2 infrastructure means you can't rely on takedowns anymore. Your defense has to happen at the boundaries—token management, network egress, and pipeline configuration. Implement these controls before the next worm finds your CI/CD environment.