CanisterWorm Malware Attacking Docker/K8s/Redis to Gain Access and Steal Secrets

Cybersecurity News. Original news source: cybersecuritynews.com, by Blog Writer.

A financially motivated cybercrime group has been quietly compromising cloud environments since late 2025, and its activities are now drawing serious concern across the security community.

The group, known as TeamPCP, operates a self-propagating worm called CanisterWorm that hunts for poorly secured Docker APIs, Kubernetes clusters, Redis servers, and systems vulnerable to the React2Shell flaw.

Once inside, the worm moves laterally through victim networks, stealing credentials and extorting organizations through Telegram. The campaign is broad, affecting enterprises running cloud workloads on both Azure and AWS.

What makes this threat particularly serious is the scale at which TeamPCP automates its attacks.

Research from the security firm Flare shows Azure accounts for roughly 61% of compromised servers, while AWS makes up another 36%, totaling 97% of all affected infrastructure.

The group does not rely on new exploits; instead, it weaponizes known vulnerabilities and cloud misconfigurations, turning exposed control planes into a self-spreading criminal ecosystem.

KrebsOnSecurity analysts identified that the same infrastructure behind these data theft campaigns was later used to launch a targeted wiper attack on systems tied to Iran.

On March 19, 2026, TeamPCP escalated its operations by launching a supply chain attack against Trivy, a widely used vulnerability scanner from Aqua Security.

The attackers injected credential-stealing malware into official GitHub Actions releases, harvesting SSH keys, cloud credentials, Kubernetes tokens, and cryptocurrency wallets from unsuspecting users.

Although the malicious files were later removed, a significant amount of damage had already occurred. Over the weekend of March 22 to 23, the group deployed a new destructive payload that activates when the victim system uses Iran’s timezone or has Farsi set as the default language.

Charlie Eriksen, a security researcher at Aikido, explained that if the wiper detects a Kubernetes cluster on an Iranian system, it will destroy data across every node in that cluster.

Without a cluster, it simply wipes the local machine. This geographic targeting marks a meaningful shift in threat design, showing that financially motivated groups are embedding geo-specific logic to pursue politically charged goals alongside financial ones.

Eriksen noted that TeamPCP continued bragging on Telegram, claiming access to sensitive records from a large multinational pharmaceutical company.

CanisterWorm wiper snippet targeting Iran timezone systems (Source – KrebsonSecurity)

This shows a snippet of the malicious CanisterWorm code targeting systems that match Iran’s timezone or have Farsi as the default language.

Blockchain-Backed Command Infrastructure

One of the most technically striking aspects of CanisterWorm is how TeamPCP manages its attack infrastructure.

The group uses Internet Computer Protocol (ICP) canisters, which are blockchain-based smart contracts that combine code and data into a single tamperproof unit.

These canisters can directly serve web content to users and, because they run on a distributed blockchain network, are very difficult to take down.

Infrastructure overview (Source – KrebsonSecurity)

As long as the operators keep paying the required virtual currency fees, the canisters remain online and active. The figure above shows an overview of CanisterWorm's ICP canister deployment as documented by Aikido.

This approach makes traditional takedown methods nearly ineffective. Law enforcement and hosting providers typically fight malware by seizing servers, but a blockchain-anchored command structure sidesteps that entirely.

TeamPCP has also been seen rapidly modifying its payload, adding new features, pulling the malware offline temporarily, and even redirecting the canister to an unrelated YouTube video between attacks.

This constant flexibility suggests the group is actively testing and refining its tools in real time, making detection and containment considerably harder for defenders.

Organizations running Docker, Kubernetes, or Redis in cloud environments should immediately audit configurations for exposed APIs and unauthenticated access points.

Teams should rotate SSH keys, cloud credentials, and Kubernetes tokens, especially if Trivy or KICS was used in CI/CD pipelines around March 19 to 23, 2026.

Monitoring for lateral movement and locale-based behavior in containers is strongly advised.

GitHub repository owners should also review their Actions workflows for unauthorized changes and enforce strict access controls on cloud control planes to limit the exposure that groups like TeamPCP exploit.
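The configuration audit recommended above, as an added example that is not part of the article or of any vendor's tooling: it checks the three service configurations the worm scans for (Docker daemon.json, redis.conf, and kube-apiserver flags) for the unauthenticated-exposure settings, with the weak form of each beside its corrected form. All sample configs are constructed and the Redis password is a placeholder.

```python
import json

def audit_docker(daemon_json: str) -> list[str]:
    """Flag dockerd bound to a TCP socket without mutual TLS (the exposed-API case)."""
    cfg = json.loads(daemon_json)
    tcp_hosts = [h for h in cfg.get("hosts", []) if h.startswith("tcp://")]
    if tcp_hosts and not (cfg.get("tls") and cfg.get("tlsverify")):
        return [f"docker: API on {tcp_hosts} without tlsverify"]
    return []

def audit_redis(redis_conf: str) -> list[str]:
    """Flag Redis reachable from the network with no password, or with protected mode off."""
    opts = {}
    for raw in redis_conf.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        if line:
            key, _, value = line.partition(" ")
            opts[key.lower()] = value.strip()
    bind = opts.get("bind", "0.0.0.0")                # no bind directive means all interfaces
    exposed = any(addr in ("0.0.0.0", "*", "::") for addr in bind.split())
    findings = []
    if exposed and "requirepass" not in opts:
        findings.append("redis: network-reachable with no requirepass")
    if opts.get("protected-mode", "yes") == "no":
        findings.append("redis: protected-mode disabled")
    return findings

def audit_kube_apiserver(args: list[str]) -> list[str]:
    """Flag an API server that lets unauthenticated or unauthorized requests through."""
    findings = []
    for arg in args:
        if arg.startswith("--authorization-mode=") and "AlwaysAllow" in arg:
            findings.append("kube-apiserver: authorization-mode includes AlwaysAllow")
        if arg == "--anonymous-auth=true":
            findings.append("kube-apiserver: anonymous requests accepted")
    return findings

def run_audit(daemon_json: str, redis_conf: str, kube_args: list[str]) -> list[str]:
    return audit_docker(daemon_json) + audit_redis(redis_conf) + audit_kube_apiserver(kube_args)

# Constructed sample configs: the weak setting beside its corrected counterpart.
WEAK_DOCKER = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
SAFE_DOCKER = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"], "tls": true, "tlsverify": true, "tlscacert": "/etc/docker/ca.pem"}'
WEAK_REDIS = "bind 0.0.0.0\nprotected-mode no\n"
SAFE_REDIS = "bind 127.0.0.1 -::1\nprotected-mode yes\nrequirepass <placeholder-secret>\n"
WEAK_KUBE = ["kube-apiserver", "--anonymous-auth=true", "--authorization-mode=AlwaysAllow"]
SAFE_KUBE = ["kube-apiserver", "--anonymous-auth=false", "--authorization-mode=Node,RBAC"]

if __name__ == "__main__":
    print("weak:", run_audit(WEAK_DOCKER, WEAK_REDIS, WEAK_KUBE))
    print("hardened:", run_audit(SAFE_DOCKER, SAFE_REDIS, SAFE_KUBE) or ["no findings"])
```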
