npm Packages Hit with TeamPCP-Style CanisterWorm Malware
TLP: WHITE | Adversary: TeamPCP | Author: AlienVault | Created: 2026-04-22 | Modified: 2026-04-23
npm packages associated with Namastex.ai, including @automagik/genie and pgserve, were compromised with malware whose tradecraft resembles TeamPCP's CanisterWorm campaign. The malicious versions execute at install time and harvest credentials, environment variables, SSH keys, cloud credentials, browser data, and crypto-wallet artifacts. The payload exfiltrates the stolen data both to a conventional webhook at telemetry.api-monitor.com and to an Internet Computer Protocol (ICP) canister endpoint. It includes self-propagation logic that uses stolen npm publishing tokens to compromise additional packages, as well as cross-ecosystem spreading that targets PyPI. Exfiltrated data is protected with hybrid encryption, RSA combined with AES-256-CBC. Multiple package namespaces were affected, suggesting shared infrastructure or a coordinated compromise of publisher accounts.
Indicators of Compromise (9)