Vibe Coding
Pattern: Supply Chain Worms Now Cross Ecosystem Boundaries — npm→PyPI with Crypto Wallet Theft and Takedown-Resistant C2
The @fairwords/CanisterWorm incident demonstrates supply chain attacks have evolved from single-ecosystem credential theft to cross-ecosystem self-propagating worms. The attack chain: compromise npm packages → steal npm tokens → self-replicate across victim's packages → cross to PyPI via .pth injection → steal crypto wallets and Chrome passwords → exfiltrate via ICP canister dead-drop that can't be taken down. For anyone running AI coding agents that execute npm install or pip install, the attack surface just expanded: your agent's package installation step is now a worm propagation vector. Second-generation infected packages appeared 8 minutes after initial compromise.
↳ Follow the thread