The Trivy Supply Chain Attack Evolves into a Self-Propagating npm Worm
Malware

March 22, 2026

A recent cybersecurity incident involving the widely used Trivy vulnerability scanner has rapidly escalated from a targeted compromise into a large-scale, self-propagating malware campaign impacting the JavaScript ecosystem. What began as a credential breach has now transformed into a sophisticated npm worm capable of spreading autonomously across developer environments and software supply chains.

Origins: Compromised Credentials and Malicious Releases

The attack traces back to March 2026, when threat actors gained access to privileged credentials tied to Trivy’s release infrastructure. Using this access, they published malicious versions of Trivy and related GitHub Actions, embedding credential-stealing functionality into trusted tools.

This initial breach exposed CI/CD pipelines and developer environments, allowing attackers to harvest sensitive data such as API keys, cloud credentials, and npm authentication tokens—laying the groundwork for further propagation.

Phase Two: Weaponizing npm Packages

Shortly after the initial compromise, attackers pivoted to the npm ecosystem, injecting malicious code into dozens of packages. Security researchers have identified 40+ compromised packages across multiple scopes, indicating a coordinated and expanding campaign.

These packages included hidden scripts designed to execute during installation (postinstall hooks), a common but powerful mechanism in Node.js. Once triggered, the malware deployed a multi-stage payload that included:

  • A loader script executed on install
  • A Python-based backdoor for persistence
  • A connection to a decentralized command-and-control (C2) infrastructure

The use of decentralized infrastructure (such as blockchain-based “canisters”) makes the attack significantly harder to disrupt or take down.
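To show what the install-time hook mechanism described above looks like from the defender's side, here is an added example (not code from the article or from the Trivy or npm projects) that walks a list of package manifests, reports every install-time lifecycle script, and flags commands that spawn an interpreter or fetch remote content. The package list and the regular expression are constructed assumptions for illustration, not real packages or a vetted signature.

```javascript
// Added example: audit package manifests for install-time lifecycle hooks.
// Input is an array of { name, version, manifest } objects, e.g. built by
// reading each node_modules/<pkg>/package.json; here they are constructed samples.

const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Returns one finding per (package, hook) pair that npm would run at install time.
function findInstallHooks(packages) {
  const findings = [];
  for (const pkg of packages) {
    const scripts = (pkg.manifest && pkg.manifest.scripts) || {};
    for (const hook of INSTALL_HOOKS) {
      if (Object.prototype.hasOwnProperty.call(scripts, hook)) {
        findings.push({ name: pkg.name, version: pkg.version, hook, command: scripts[hook] });
      }
    }
  }
  return findings;
}

// Heuristic (assumed, not a vetted signature): a hook that launches an inline
// interpreter, a second-stage language runtime, or a downloader deserves review.
const SUSPICIOUS = /\b(node\s+-e|python3?|curl|wget|bash\s+-c|powershell)\b/i;
function isSuspiciousCommand(command) {
  return SUSPICIOUS.test(command);
}

// Constructed sample manifests (not real packages): a clean package, a native
// addon with a legitimate build step, and one mimicking a loader-style postinstall.
const SAMPLE_PACKAGES = [
  { name: 'plain-lib', version: '1.0.0', manifest: { scripts: { test: 'mocha' } } },
  { name: 'native-binding', version: '2.1.0', manifest: { scripts: { install: 'node-gyp rebuild' } } },
  { name: 'loader-example', version: '0.0.3',
    manifest: { scripts: { postinstall: 'node -e "require(\'./loader.js\')"' } } },
];

// Combines hook discovery with the heuristic so each finding carries a verdict.
function audit(packages) {
  return findInstallHooks(packages).map(f => ({ ...f, suspicious: isSuspiciousCommand(f.command) }));
}

for (const f of audit(SAMPLE_PACKAGES)) {
  console.log(`${f.suspicious ? 'SUSPICIOUS' : 'review'}: ${f.name}@${f.version} ${f.hook}: ${f.command}`);
}
```

Running the audit before a build only surfaces hooks for review; setting `ignore-scripts=true` in `.npmrc` stops them from executing during install at all, at the cost of having to run legitimate build steps explicitly.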

Published on CyberSight News
