What is TeamPCP and where did they come from?

TeamPCP is a hacking group first observed in December by Flare, a security research team. They're notable for large-scale automation, worm-enabled malware, and expertise in supply chain attacks. Their origins remain unclear, but the inclusion of Iran-targeted tools suggests possible state-level involvement or geopolitical motives.

Can I tell if my npm packages were compromised?

Check npm's published advisories for affected packages. If you use Trivy, upgrade immediately to a patched version. For other packages: review the advisory list, check package changelogs for suspicious new versions released around the incident dates, and audit your dependencies with updated vulnerability scanners (from trusted sources).

Why is using blockchain for malware control actually a problem?

Because traditional takedown methods rely on seizing centralized servers or corrupting DNS records. Blockchain-based smart contracts are designed to be tamper-proof and decentralized—making them nearly impossible to disable without network-wide consensus. It's architectural resilience, weaponized.

🔒 Security & Privacy

How TeamPCP's Self-Propagating Worm Turned Open Source Into a Backdoor Factory

TeamPCP just demonstrated something terrifying: a worm that doesn't need human help to spread through open source ecosystems. It compromised npm tokens, poisoned packages, and used blockchain to stay untouchable.

Open Source Beat Apr 03, 2026 4 min read 23 views

Read in: Deutsch English Español Français Italiano 日本語 한국어 Português (BR)

Network diagram showing malware propagation through npm package registry with blockchain nodes for command and control

⚡ Key Takeaways

TeamPCP deployed a self-propagating worm that automatically harvests npm tokens and poisons packages without manual intervention—escalating from manual to fully automated supply chain attacks 𝕏
The group uses Internet Computer Protocol smart contracts for command-and-control, making their infrastructure resistant to traditional takedown tactics used against centralized botnets 𝕏
This represents a fundamental shift in supply chain attack sophistication: moving from single-project poisoning to ecosystem-scale automation with blockchain-based persistence 𝕏

Published by

Open Source Beat

Community-driven. Code-first.

#TeamPCP malware #npm supply chain attack #open source security #self-propagating worm #smart contract botnet

Worth sharing?

Get the best Open Source stories of the week in your inbox — no noise, no spam.

Originally reported by Ars Technica - Tech

⚡ Key Takeaways

The 60-Second TL;DR

Open Source Beat

Share this article

Worth sharing?

Related Stories

Invisible Code Is Now Flooding GitHub. Your Code Review Won't Catch It.

Trivy's Poisoned Release: One Malicious Version Hits Thousands of Pipelines

Semgrep's Free Tier Is Actually Useful—But Here's What You're Missing

Docker Just Made Hardened Images Free and Open Source—Here's Why That Matters

Stay in the loop