IronWorm
IronWorm is a Rust-based, self-propagating supply-chain malware and infostealer distributed through trojanized npm packages. JFrog reported the campaign as affecting 36 to 37 malicious package versions, including activity tied to the compromised npm account asteroiddao and the Arweave/WeaveDB ecosystem. The malware runs from an npm preinstall hook that launches a hidden Linux ELF binary shipped inside the package under an innocuous path such as tools/setup. It is built to steal high-value developer and CI/CD secrets from Linux hosts: 86 targeted environment variables and more than 20 credential files, covering SSH keys, npm publishing credentials, GitHub tokens, cloud credentials, Docker and Podman authentication data, Kubernetes and Vault secrets, browser and session data, messaging-platform tokens, AI-service API keys, and Exodus cryptocurrency wallet data. Researchers also reported modules that read Kubernetes service-account tokens and any Secrets the token can reach, and logic to capture Exodus wallet passwords and recovery phrases.
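A hunt for the execution path just described, as an added example (it is not JFrog's tooling or anything recovered from the campaign): walk a node_modules tree, read each package.json, and flag any preinstall/install/postinstall script that runs a file shipped inside the package whose first bytes are the ELF magic. The two sample packages, their names and the stub ELF are constructed for the demo; treating slash-containing tokens of the script as candidate paths is an assumed heuristic.

```python
"""Flag npm lifecycle hooks that launch a native ELF shipped inside the package."""
import json
import os
import shlex
import tempfile

HOOKS = ("preinstall", "install", "postinstall")
ELF_MAGIC = b"\x7fELF"


def _candidate_paths(script):
    """Tokens of a shell one-liner that look like relative paths (assumed heuristic)."""
    try:
        tokens = shlex.split(script, posix=True)
    except ValueError:          # unbalanced quotes: nothing sensible to resolve
        return []
    return [t for t in tokens if "/" in t and not t.startswith(("-", "$", "/"))]


def _is_elf(path):
    try:
        with open(path, "rb") as f:
            return f.read(4) == ELF_MAGIC
    except OSError:
        return False


def scan_package(pkg_dir):
    """Findings for one package directory; [] if clean or without package.json."""
    pkg_dir = os.path.normpath(pkg_dir)
    try:
        with open(os.path.join(pkg_dir, "package.json"), "rb") as f:
            scripts = json.load(f).get("scripts") or {}
    except (OSError, ValueError):
        return []
    findings, seen = [], set()
    for hook in HOOKS:
        script = scripts.get(hook)
        if not isinstance(script, str):
            continue
        for tok in _candidate_paths(script):
            target = os.path.normpath(os.path.join(pkg_dir, tok))
            # Only files inside the package count; system binaries are out of scope here.
            if not target.startswith(pkg_dir + os.sep) or (hook, target) in seen:
                continue
            seen.add((hook, target))
            if os.path.isfile(target) and _is_elf(target):
                findings.append({"package": os.path.basename(pkg_dir), "hook": hook,
                                 "binary": os.path.relpath(target, pkg_dir), "script": script})
    return findings


def scan_node_modules(root):
    """Scan every directory under root that carries a package.json (nested deps included)."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        if "package.json" in filenames:
            findings.extend(scan_package(dirpath))
    return findings


def _write(path, data):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data if isinstance(data, bytes) else data.encode())


def build_demo(root):
    """Constructed node_modules: one benign package, one with a hidden ELF preinstall payload."""
    _write(os.path.join(root, "benign-lib", "package.json"),
           json.dumps({"name": "benign-lib", "scripts": {"postinstall": "node scripts/build.js"}}))
    _write(os.path.join(root, "benign-lib", "scripts", "build.js"), "console.log('ok')")
    _write(os.path.join(root, "example-trojanized", "package.json"),
           json.dumps({"name": "example-trojanized",
                       "scripts": {"preinstall": "chmod +x tools/setup && ./tools/setup"}}))
    # A stub ELF header is enough to trip the magic check (not a real binary).
    _write(os.path.join(root, "example-trojanized", "tools", "setup"),
           ELF_MAGIC + b"\x02\x01\x01" + b"\0" * 12)


def demo():
    """Build the constructed tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as root:
        build_demo(root)
        return scan_node_modules(root)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else None
    for finding in (scan_node_modules(target) if target else demo()):
        print(finding)
```

Run it with a path to a real node_modules (or a checked-out repository) to scan it; without arguments it scans the constructed demo. The ELF check is deliberately narrow: a hook that downloads its payload at install time, or one that unpacks it from a tarball, needs a separate rule, so treat this as one hunt among several rather than a complete gate.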
IronWorm uses the stolen credentials to propagate further through the software supply chain. Reported propagation mechanisms include modifying every GitHub repository the credentials can reach, inserting malicious and backdated commits, changing build hooks, and publishing additional trojanized npm packages. JFrog reported 57 malicious commits across nine GitHub organizations and noted spoofed author identities such as claude, Dependabot, Renovate, and github-actions. The malware can abuse npm Trusted Publishing by harvesting the short-lived publish tokens that CI workflows obtain through OIDC, which lets it publish packages without any stored npm credential. Researchers also identified GitHub Actions-based exfiltration logic that could serialize secrets into a benign-looking file and upload it as a build artifact; JFrog stated this path was not observed in use in the analyzed campaign.
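The commit-level signatures above (spoofed automation identities, backdated commits, build-hook changes) can be triaged straight from a repository's history. The following is an added example, not JFrog's detection logic, that reads the output of git log --format='%H%x1f%an%x1f%ae%x1f%at%x1f%ct%x1f%s' --name-only (unit-separator delimited header, then the touched paths) and scores each commit. The author e-mail claude@users.noreply.github.com is the indicator reported on this page; the GitHub bot-address pattern, the list of build-config paths, the backdating tolerance and the sample log are assumptions made for the example.

```python
"""Triage a git log for spoofed bot authors, backdated commits and build-hook edits."""
import re
from collections import namedtuple

IOC_AUTHOR_EMAILS = {"claude@users.noreply.github.com"}          # reported indicator
SPOOFED_NAMES = {"claude", "dependabot", "renovate", "github-actions"}
# GitHub-hosted bots commit as "<numeric id>+<name>[bot]@users.noreply.github.com";
# this is an assumed heuristic, an allow-list of your own bot accounts is stricter.
BOT_EMAIL = re.compile(r"^\d+\+[\w.-]+\[bot\]@users\.noreply\.github\.com$")
# Paths whose change can alter what runs at install or CI time (assumed list).
BUILD_CONFIG = re.compile(
    r"(^|/)(package\.json|\.github/workflows/[^/]+|\.github/scripts/[^/]+|tools/setup)$")

Commit = namedtuple("Commit", "sha name email author_ts commit_ts subject files")


def parse_log(text):
    """Parse the git log format described in the lead-in; newest commit first."""
    commits = []
    for line in text.splitlines():
        if "\x1f" in line:
            sha, name, email, at, ct, subject = line.split("\x1f", 5)
            commits.append(Commit(sha, name, email, int(at), int(ct), subject, []))
        elif line.strip() and commits:
            commits[-1].files.append(line.strip())
    return commits


def analyze(text, backdate_tolerance=3600):
    """Return {sha: sorted reasons} for commits with an identity or timing signal."""
    commits = parse_log(text)
    flagged = {}
    for i, c in enumerate(commits):
        reasons = set()
        if c.email.lower() in IOC_AUTHOR_EMAILS:
            reasons.add("ioc_email")
        base_name = re.sub(r"\[bot\]$", "", c.name.strip().lower())
        if base_name in SPOOFED_NAMES and not BOT_EMAIL.match(c.email):
            reasons.add("spoofed_bot_identity")
        # A child dated earlier than its parent (beyond clock skew) was backdated.
        parent = commits[i + 1] if i + 1 < len(commits) else None
        if parent and c.author_ts + backdate_tolerance < parent.author_ts:
            reasons.add("backdated")
        if any(BUILD_CONFIG.search(p) for p in c.files):
            reasons.add("touches_build_config")
        # Editing build config alone is routine; report it only beside another signal.
        if reasons - {"touches_build_config"}:
            flagged[c.sha] = sorted(reasons)
    return flagged


US = "\x1f"
# Constructed sample log (newest first); hashes and addresses are placeholders.
SAMPLE_LOG = "\n".join([
    US.join(["4" * 40, "Jane Dev", "jane@example.com", "1700000400", "1700000400", "docs: fix typo"]),
    "", "README.md", "",
    US.join(["3" * 40, "claude", "claude@users.noreply.github.com", "1689000000", "1700000300",
             "chore: add precheck"]),
    "", ".github/scripts/precheck", ".github/workflows/ci.yml", "",
    US.join(["2" * 40, "dependabot", "dependabot@users.noreply.github.com", "1700000200",
             "1700000200", "build(deps): bump"]),
    "", "package.json", "",
    US.join(["1" * 40, "github-actions[bot]", "12345678+github-actions[bot]@users.noreply.github.com",
             "1700000100", "1700000100", "ci: update lockfile"]),
    "", "package-lock.json", "",
    US.join(["0" * 40, "Jane Dev", "jane@example.com", "1699999000", "1699999000", "feat: initial"]),
    "", "src/index.js", "",
])

if __name__ == "__main__":
    import sys
    log = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    for sha, reasons in analyze(log).items():
        print(sha[:12], ", ".join(reasons))
```

Pipe a real log in (git log with the format above | python3 triage.py) to run it against a repository; with no stdin it scores the constructed sample. The backdating check compares author dates along the first-parent chain, so run it per branch; a commit whose author date is far older than its committer date is a second, independent hint worth printing alongside.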
For stealth and persistence, IronWorm includes an eBPF-based Linux kernel rootkit that hides its processes and network activity from standard tools, and it communicates with its operators over the Tor network. Reported command-and-control behavior includes beaconing to a Tor hidden-service endpoint and support for commands to upload secrets, drop files, and execute remote shells. The malware was described as custom-built and operationally similar to Shai-Hulud or Mini Shai-Hulud, but the available reporting states that no direct link was confirmed. High-confidence indicators reported include the fake commit author email claude@users.noreply.github.com, the Tor hidden-service path /api/agent, the onion address olrh4mibs62l6kkuvvjyc5lrercqg5tz543r4lsw3o6mh5qb7g7sneid.onion, rootkit artifacts under /sys/fs/bpf/hidden_*, and the Ethereum address 0x7e28D9889f414B06c19a22A9Bd316f0AC279a4d6, derived from a hardcoded wallet recovery phrase that the stealer explicitly excludes from collection.
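A rootkit that rewrites /proc listings has to hook every view separately, so the cheapest host check is to compare two views it is unlikely to have aligned. The block below is an added example, not JFrog's detection logic: it (1) diffs the readdir view of /proc against kill(pid, 0) probes of every PID up to pid_max, discounting thread IDs by reading Tgid from /proc/<pid>/status, and (2) lists pinned BPF objects under /sys/fs/bpf whose names start with hidden_, the artifact pattern reported above. Both checks take their inputs as parameters so they can run against constructed data; the constructed bpffs layout in demo_bpf_pins() is not from any sample.

```python
"""Cross-view checks for /proc PID hiding and hidden_* BPF pins (Linux only when run live)."""
import os
import re
import tempfile

HIDDEN_PIN = re.compile(r"^hidden_")     # reported artifact pattern under /sys/fs/bpf


def visible_pids(proc="/proc"):
    """PIDs as the (possibly tampered) directory listing of /proc reports them."""
    return {int(n) for n in os.listdir(proc) if n.isdigit()}


def probe_pid(pid):
    """True if the kernel acknowledges the PID, regardless of what /proc lists."""
    try:
        os.kill(pid, 0)
        return True
    except PermissionError:       # EPERM: exists, owned by someone else
        return True
    except ProcessLookupError:    # ESRCH
        return False


def tgid_of(pid, proc="/proc"):
    """Thread-group id from /proc/<pid>/status, or None if the entry is unreadable."""
    try:
        with open(f"{proc}/{pid}/status") as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except OSError:
        return None
    return None


def read_pid_max(path="/proc/sys/kernel/pid_max"):
    try:
        with open(path) as f:
            return int(f.read())
    except (OSError, ValueError):
        return 32768


def hidden_pids(visible, probe=probe_pid, tgid_lookup=tgid_of, pid_max=None):
    """PIDs the kernel acknowledges but the /proc listing omits (threads excluded)."""
    pid_max = pid_max or read_pid_max()
    hidden = []
    for pid in range(1, pid_max + 1):
        if pid in visible or not probe(pid):
            continue
        tgid = tgid_lookup(pid)
        if tgid is not None and tgid != pid:
            continue              # a thread of some process, not a hidden process
        hidden.append(pid)        # unreadable status (tgid None) counts as hidden
    return hidden


def suspicious_bpf_pins(bpffs="/sys/fs/bpf"):
    """Pinned maps/programs (or pin directories) named hidden_* under the BPF filesystem."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(bpffs):
        for name in dirnames + filenames:
            if HIDDEN_PIN.match(name):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def demo_bpf_pins():
    """Constructed bpffs layout: two hidden_* pins and one ordinary pin under tc/."""
    with tempfile.TemporaryDirectory() as d:
        os.makedirs(os.path.join(d, "tc"))
        for name in ("hidden_pids", "hidden_ports", os.path.join("tc", "normal_map")):
            open(os.path.join(d, name), "w").close()
        return sorted(os.path.relpath(p, d) for p in suspicious_bpf_pins(d))


if __name__ == "__main__":
    print("PIDs hidden from /proc:", hidden_pids(visible_pids()))
    print("hidden_* BPF pins:", suspicious_bpf_pins())
```

Run it as root so kill(pid, 0) and /sys/fs/bpf are not permission-limited; a full sweep to a 4 million pid_max takes a few seconds in Python. A process that exits between the listing and the probe shows up once and vanishes on a re-run, so confirm hits by running twice. Neither check is conclusive on its own: a rootkit can also hook kill() or bpffs enumeration, which is why the two views are kept independent and why a third, such as bpftool prog list or an offline memory image, is worth adding when a hit appears.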
Groups observed using it
1 distinct threat actor attributed by public researchers.
JFrog specialists discovered the IronWorm infostealer, which managed to infect 36 packages and was aimed at stealing developer secrets, cloud-service credentials and access keys.
Techniques & procedures
28 distinct techniques documented for this family, organized by ATT&CK tactic.
Initial Access
3 techniques
It uses those stolen tokens to compromise additional packages... If an attacker gains those credentials, they push malicious code under your name.
The npm ecosystem has suffered a new supply-chain attack... the IronWorm infostealer managed to infect 36 packages... Having gained access to a developer's machine or a CI/CD environment, the malware uses the stolen credentials to publish new infected packages to npm.
Multiple software supply chain attacks have hit the npm ecosystem, with threat actors using both malicious and poisoned versions of over 50 legitimate packages to distribute a Rust-based information stealer and a self-spreading worm, respectively.
Execution
3 techniques
The malicious activity has been traced back to a compromised npm account named "asteroiddao," which has been found to publish package versions containing the Rust ELF binary that's executed via a preinstall hook.
Persistence
2 techniques
Privilege Escalation
1 technique
Stealth
8 techniques
The sample was a Linux ELF executable packed with a lightly modified UPX stub... The sample also hid most of its useful strings... each call site used its own parameters.
The payload was placed under an innocuous-looking path such as tools/setup or .github/scripts/precheck. This was committed under the author name claude <claude@users.noreply.github.com> ... Workflow commits are using a rotating cast of familiar automation identities - dependabot, renovate, github-actions.
This component works as a Linux kernel rootkit that helps to hide the malware’s processes and network activity.
When anything in /proc was listed, the rootkit rewrote the results in place, removing hidden PIDs before userland tools could see them.
Defense Impairment
1 technique
Credential Access
5 techniques
The credential sweep is exhaustive. The binary reaches for 86 environment variables spanning every major platform... source-control and package-registry tokens, CI/CD systems, messaging platforms, Vault and Kubernetes.
The malware is aimed at stealing... SSH keys, storage configurations and Exodus cryptocurrency wallet files.
It harvests high-value Linux development secrets—SSH keys, cloud tokens, package publishing credentials.
Discovery
1 technique
Collection
1 technique
Command and Control
6 techniques
The malware was also found to accept commands for uploading secrets, dropping files and running remote shells through a Tor-based command-and-control (C2) setup.
Then it beacons out to an endpoint called /api/agent ... The conversation itself is plain HTTP wrapped inside the Tor tunnel
the information stealer "scrapes every secret it can find on a developer's machine, hides behind an eBPF kernel rootkit, and answers to its operator over Tor."
IronWorm is written in Rust and communicates with its operators via Tor...
Exfiltration
3 techniques
The malware was also found to accept commands for uploading secrets... through a Tor-based command-and-control (C2) setup. ... the attacks share similarities including self-propagation and exfiltration of data to GitHub.
IOCs tracked for this family
11 indicators attributed across vendor reports, sandbox runs, and researcher write-ups.
Recent activity
14 sources tracked across advisories, community write-ups, and news.
A recent npm attack wave involving a Rust-based credential stealer and an eBPF rootkit, noted as similar to Mini Shai-Hulud.
A previously referenced supply-chain malware campaign noted only for similarity in technique: use of a preinstall script to execute an embedded binary from a package.
Rust-based infostealer/worm targeting the npm supply chain. It steals developer secrets, cloud credentials, npm/OpenAI/AWS/Anthropic credentials, SSH keys, storage configs, and Exodus wallet files; communicates via Tor; hides activity with an eBPF rootkit; and can self-propagate by using stolen credentials to publish additional infected npm packages and add malicious commits to victim repositories.
Named malware referenced only in a related-articles headline as involved in an npm supply-chain attack affecting 36 packages.