Asurion A.I CyberSecurity Scoring
Asurion
Company Information
Website:http://www.asurion.com
Employees number:16,725
Number of followers:270,567
NAICS:5415
Industry Type:IT Services and IT Consulting
Homepage:asurion.com
Asurion Risk Score (AI oriented)
Between 700 and 749
AsurionIT Services and IT Consulting
Updated:
23/04/2026
23/04/2026
749/1000
Moderate
Ba
Asurion Global Score (TPRM)
xxxx
AsurionIT Services and IT Consulting
Score locked

AsurionModerate
Current Score
749Ba (MODERATE)
01000
2 incidents
-14 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
751
JUNE 2026
750
MAY 2026
749
APRIL 2026
763
Cyber Attack
22 Apr 2026 • Asurion
Asurion, npm and GitHub: Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens
New Supply Chain Worm Targets npm and PyPI, Stealing Developer Credentials
749
CRITICAL-14
GITNPMASU1776918263
New Supply Chain Worm Targets npm and PyPI, Stealing Developer Credentials
Cybersecurity researchers from Socket and StepSecurity have uncovered a self-propagating supply chain worm, dubbed CanisterSprawl, that exploits compromised npm packages to steal developer credentials and spread malicious updates. The campaign, active in recent weeks, leverages an ICP canister for data exfiltration a tactic previously used by TeamPCP to evade takedowns.
### Affected Packages
The following npm packages were found to contain malicious postinstall hooks that trigger the worm during installation:
- `@automagik/genie` (v4.260421.33–4.260421.40)
- `@fairwords/loopback-connector-es` (v1.4.3–1.4.4)
- `@fairwords/websocket` (v1.0.38–1.0.39)
- `@openwebconcept/design-tokens` (v1.0.1–1.0.3)
- `@openwebconcept/theme-owc` (v1.0.1–1.0.3)
- `pgserve` (v1.1.11–1.1.14)
### Attack Mechanics
Once executed, the malware harvests sensitive data from developer environments, including:
- npm tokens (used to publish poisoned package versions)
- SSH keys, `.git-credentials`, and `.netrc` files
- Cloud credentials (AWS, Google Cloud, Azure)
- Kubernetes, Docker, Terraform, and Vault configurations
- Local `.env` files and shell history
- Browser-stored credentials (Chromium-based browsers)
- Cryptocurrency wallet extensions
Stolen data is exfiltrated to:
- An HTTPS webhook (`telemetry.api-monitor[.]com`)
- An ICP canister (`cjn37-uyaaa-aaaac-qgnva-cai.raw.icp0[.]io`)
The worm also includes PyPI propagation logic, generating malicious Python packages via Twine if credentials are present, effectively turning one compromised environment into multiple package infections.
### Additional Threats in Open-Source Ecosystems
- Compromised PyPI Package: Versions 2.6.0–2.6.2 of the legitimate `xinference` package were altered to include a Base64-encoded payload, fetching a second-stage credential harvester. While the payload includes the marker "# hacked by teampcp," the group denied involvement, suggesting a copycat attack.
- Fake Kubernetes Tools: Malicious npm (`kube-health-tools`) and PyPI (`kube-node-health`) packages disguised as Kubernetes utilities deploy a Go-based binary that sets up:
- A SOCKS5 proxy
- A reverse proxy
- An SFTP server
- An LLM proxy (routing requests to Chinese LLM APIs, enabling secret exfiltration and malicious payload injection).
- Asurion-Themed npm Attack: Between April 1–8, 2026, threat actors published fake npm packages (`sbxapps`, `asurion-hub-web`, `soluto-home-web`, `asurion-core`) impersonating Asurion and its subsidiaries. Stolen credentials were first sent to a Slack webhook, then to an AWS API Gateway endpoint, later obfuscated with XOR encoding.
- GitHub Actions Exploitation: A campaign dubbed prt-scan, active since March 11, 2026, abuses the `pull_request_target` GitHub Actions trigger to steal secrets. Attackers:
- Fork repositories using the trigger
- Inject malicious payloads into CI workflows
- Open pull requests to trigger credential theft
- Publish malicious npm packages if tokens are found
While the campaign had a <10% success rate, most victims were small projects, though a few exposed cloud credentials and persistent API keys.
### Impact & Trends
These incidents highlight the growing sophistication of supply chain attacks, with threat actors increasingly targeting npm, PyPI, and CI/CD pipelines to propagate malware. The use of resilient exfiltration methods (ICP canisters, obfuscated endpoints) and multi-stage credential theft underscores the need for heightened scrutiny in open-source dependency management.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
MARCH 2026
763
FEBRUARY 2026
762
JANUARY 2026
762
DECEMBER 2025
760
NOVEMBER 2025
761
OCTOBER 2025
761
SEPTEMBER 2025
760
AUGUST 2025
760
AUGUST 2019
781
Breach
01 Aug 2019 • Asurion
Asurion
Asurion Data Breach
700
CRITICAL-81
ASU11273423
Asurion suffered from a data breach incident which disclosed private info of 1000 employees and more than a million customers.
The company confirmed the breach but said it believes the suspect took less information than he claimed.
The hacker has more than 100 terabytes of Asurion's sensitive data including thousands of employee's social security numbers and banking information and over a million customer's names, addresses, phone numbers and account numbers.
It was found that the corporation paid at least $300,000 in ransom to an extortionist who claimed he stole the private information.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for Asurion ??
What was Asurion's A.I Rankiteo Cyber Score in June 2026 ??
What was Asurion's A.I Rankiteo Cyber Score in May 2026 ??
What was Asurion's A.I Rankiteo Cyber Score in April 2026 ??
What was Asurion's A.I Rankiteo Cyber Score in March 2026 ??
What was Asurion's A.I Rankiteo Cyber Score in February 2026 ??
What was Asurion's A.I Rankiteo Cyber Score in January 2026 ??
What was Asurion's A.I Rankiteo Cyber Score in December 2025 ??
What was Asurion's A.I Rankiteo Cyber Score in November 2025 ??
What was Asurion's A.I Rankiteo Cyber Score in October 2025 ??
What was Asurion's A.I Rankiteo Cyber Score in September 2025 ??
What was Asurion's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on Asurion's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with Asurion ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view Asurion's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?