Attackers used an Internet Computer (a blockchain‑based hosting environment) canister to host pointers to next‑stage payloads, marking the first publicly documented case of a canister being used explicitly to fetch command‑and‑control servers. That technique lets attackers place a resilient, decentralised dead‑drop that is harder to take down and can be used to modularize multi‑stage supply‑chain malware.
— If decentralised hosting (canisters) becomes a reliable C2/dead‑drop vector, law enforcement, registries, and platform maintainers face new takedown and attribution challenges that change how supply‑chain incidents are investigated and mitigated.
EditorDavid
2026.03.22
Aikido Security researcher Charlie Eriksen said this is the first public abuse of an Internet Computer canister to fetch the C2 server; the Trivy compromise and subsequent 'CanisterWorm' used that mechanism to point to next‑stage payload URLs.