Rust Malware IronWorm Found in 36 npm Packages with eBPF Rootkit

The Bottom Line: IronWorm leverages a Rust-based eBPF rootkit to steal developer credentials (OpenAI, Anthropic APIs, AWS certificates, npm tokens, SSH keys) and autonomously propagate itself across npm accounts.

Security researchers at JFrog have uncovered a supply chain campaign targeting the npm ecosystem: 36 infected packages distributed the IronWorm malware, which steals credentials from development environments and evades detection through an eBPF kernel rootkit.

JFrog discovered a total of 36 legitimate npm packages infected with IronWorm malware. The malicious code was written in Rust and utilizes an eBPF kernel rootkit to circumvent operating system-level detection mechanisms. The stolen data is forwarded to the attackers via the Tor network. The campaign originated from the compromised npm user account asteroiddao, which injected malicious code into packages through preinstall scripts.

The malware was specifically designed for data exfiltration. It scans infected systems for 86 specific environment variables and 20 credential files. These include API credentials for OpenAI and Anthropic, AWS cloud certificates, internal npm authentication tokens, HashiCorp Vault configurations, SSH keys, and Exodus wallet files. To obfuscate their activities, the attackers manipulated commit author names to “claude” and backdated timestamps by up to 13 years, despite the infected versions being uploaded only recently.
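The injection vector named above, a preinstall script that runs automatically during `npm install`, can be audited locally before any package code executes. The following script is an added example (not JFrog's or npm's code): it walks a node_modules tree, reads each package.json and reports every package that declares a preinstall, install or postinstall hook. The sample tree it builds, with the package names `left-pad-clone` and `suspicious-pkg`, is constructed for the demonstration and has nothing to do with the packages in the campaign.

```python
"""Audit a node_modules tree for install-time lifecycle hooks.

Added example, not code from the article or from any project it names.
Packages that declare preinstall/install/postinstall scripts run arbitrary
commands on `npm install`, so listing them is a cheap first check.
"""
import json
import os
import tempfile

# Lifecycle hooks that npm executes automatically during installation.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")


def find_install_hooks(node_modules_dir):
    """Return sorted (package name, hook, command) tuples for every package
    below node_modules_dir whose package.json declares an install hook."""
    findings = []
    for root, _dirs, files in os.walk(node_modules_dir):
        if "package.json" not in files:
            continue
        path = os.path.join(root, "package.json")
        try:
            with open(path, encoding="utf-8") as fh:
                manifest = json.load(fh)
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip, don't abort
        scripts = manifest.get("scripts") or {}
        if not isinstance(scripts, dict):
            continue
        # Fall back to the directory name if the manifest has no "name".
        name = manifest.get("name") or os.path.relpath(root, node_modules_dir)
        for hook in INSTALL_HOOKS:
            if hook in scripts:
                findings.append((name, hook, scripts[hook]))
    return sorted(findings)


def build_sample_tree():
    """Construct a throwaway node_modules tree: one package without hooks and
    one that declares a preinstall script. Sample data made up for this example."""
    base = tempfile.mkdtemp()
    node_modules = os.path.join(base, "node_modules")
    manifests = {
        "left-pad-clone": {"name": "left-pad-clone", "version": "1.0.0",
                           "scripts": {"test": "jest"}},
        "suspicious-pkg": {"name": "suspicious-pkg", "version": "2.3.4",
                           "scripts": {"preinstall": "node ./setup.js",
                                       "test": "jest"}},
    }
    for folder, manifest in manifests.items():
        pkg_dir = os.path.join(node_modules, folder)
        os.makedirs(pkg_dir)
        with open(os.path.join(pkg_dir, "package.json"), "w", encoding="utf-8") as fh:
            json.dump(manifest, fh)
    return node_modules


if __name__ == "__main__":
    # Point find_install_hooks at a real project's node_modules to audit it.
    for pkg, hook, command in find_install_hooks(build_sample_tree()):
        print(f"{pkg}: {hook} -> {command}")
```

Running the audit on the sample tree lists only `suspicious-pkg` with its `preinstall` command; on a real project the output is the list of packages whose install hooks deserve a look. A hook is not malicious in itself (native-addon packages use them legitimately), so the list is a review queue, not a verdict. Installing with `npm install --ignore-scripts` (or setting `ignore-scripts=true` in `.npmrc`) stops these hooks from running at all, which closes the specific vector the article describes.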

A central feature is automated self-propagation. Once IronWorm obtained credentials or access to automated trusted-publishing flows, it used those privileges to upload archived versions of the npm packages those accounts managed, without further attacker interaction. JFrog identified code-change signatures identical to those of the known malware family Shai Hulud, attributed to the hacker group TeamPCP, and classifies IronWorm as “a custom, carefully constructed implant from an operation with its own infrastructure.”

The code also contained a data exfiltration method reserved for future attacks: the malware serializes stolen credentials, disguises them as harmless lint or formatting output, and uploads the files as build artifacts of the project’s own GitHub Actions workflow, so no external command-and-control server is needed. This method was not actively used in the current campaign. Analysts also noted that the malware developers had hardcoded their own cryptocurrency wallet seed phrase into the code, most likely to stop the malware from stealing from itself during testing.
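Because the exfiltration channel above hides serialized credentials inside text that looks like linter output, one defensive check is to scan build artifacts for long, high-entropy tokens that do not belong in such output. The following is an added example, not code from the article or from JFrog: it tokenizes each line, computes the Shannon entropy of every long base64-like token and flags those above a threshold. The sample "lint output", the threshold of 4.0 bits per character and the 32-character minimum token length are assumptions chosen for the demonstration.

```python
"""Flag high-entropy tokens hidden in text that claims to be lint output.

Added example, not from the article or any project it names. Real lint
output consists of file paths, line:column pairs, rule names and English
messages, none of which have the character entropy of a serialized secret.
"""
import math
import re

# Long runs of base64/url-safe characters; '.' is excluded so dotted
# paths and rule names are not merged into one token.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_\-]{32,}")


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for a single repeated char)."""
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def suspicious_tokens(text, min_entropy=4.0):
    """Return (line number, token, entropy) for each long token in text whose
    entropy is at least min_entropy. Separator lines such as '-----' are long
    but have zero entropy and are therefore not reported."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for tok in TOKEN_RE.findall(line):
            ent = shannon_entropy(tok)
            if ent >= min_entropy:
                hits.append((lineno, tok, round(ent, 2)))
    return hits


# Constructed sample: three plausible linter lines, a separator line, and a
# base64-looking blob (a made-up JWT-style header, not a real credential).
SAMPLE_ARTIFACT = """\
src/index.js
  12:5  warning  Unexpected console statement  no-console
  40:1  error    'foo' is defined but never used  no-unused-vars
--------------------------------------------------
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0
"""

if __name__ == "__main__":
    for lineno, tok, ent in suspicious_tokens(SAMPLE_ARTIFACT):
        print(f"line {lineno}: entropy {ent} token {tok[:16]}...")
```

Only the fifth line is reported; the dashed separator is long enough to match the regex but has zero entropy, and the ordinary lint lines contain no token of 32 or more characters. In a CI pipeline the same function can run over every file a job is about to upload as an artifact, failing the upload step when anything is flagged; the threshold needs tuning per project, since minified bundles and hashes in legitimate output will also score high.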

Ox Security reports that the attack was detected and filtered at a very early stage, before it could spread to popular packages with high reach.


Source: www.it-daily.net · Published June 16, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification via Lumi News Pipeline v1.7.1.