Cybersecurity 10 Jun 2026

IronWorm Malware Infects 36 Packages in an npm Supply-Chain Attack

The Rust-based IronWorm malware infected 36 npm packages, targeting OpenAI, AWS, and Anthropic keys and crypto wallets, via self-replication and kernel-level stealth.

Security researchers have disclosed a new software supply-chain attack targeting the npm ecosystem, in which an information-stealing malware called IronWorm infected 36 packages on the npm (Node Package Manager) registry. According to researchers at the supply-chain security firm JFrog, the malware is written in Rust, hides behind a rootkit that abuses the Linux kernel's eBPF technology, and communicates with its operator over the Tor network. Although the infected packages together drew more than 32,000 monthly downloads, the attack was detected early and stopped before it could spread to more popular packages.

What Does This Malware Target?

IronWorm focuses on stealing sensitive secrets from developer environments and continuous integration systems. It targets 86 environment variables and 20 credential files that may contain OpenAI, AWS, Anthropic, and npm keys, in addition to secret vault configuration files, SSH keys, and cryptocurrency wallet files such as the Exodus wallet. This combination makes it a direct threat to any modern development environment dealing with cloud services, AI models, or digital assets.

How Does It Spread? A Self-Replicating Mechanism

The most dangerous aspect of IronWorm is its ability to self-replicate. Once it compromises a developer or CI environment, it uses the stolen credentials to publish trojanized versions of the victim's own packages to npm, which in turn infect other developers and systems, automatically widening the circle of infection. The targeted secrets include those associated with npm's Trusted Publishing mechanism, though the researchers noted that this propagation mechanism was not actually used in the analyzed sample.

Advanced Evasion Techniques

The campaign stood out for stealth methods that make it harder than usual to analyze and detect. Instead of the obfuscated JavaScript common in npm attacks, the malware hides its payload inside binary executables that a postinstall script launches after installation. It also encrypts its embedded strings with multiple unique keys throughout the codebase rather than a single hardcoded key, and uses the eBPF-based rootkit to hide processes, files, and network activity from security tools. The attack originated from a compromised account named asteroiddao, which used backdated commits to mislead investigation.

A Possible Link to Earlier Worms

JFrog researchers did not find a confirmed link between IronWorm and the notorious Shai-Hulud worm, but they observed matching commit names between the two attacks, raising the possibility that the new malware is an evolution of an earlier payload. Researchers describe it as a custom, carefully built implant from an operation with its own infrastructure, meaning it is not a random operation but an organized campaign. During the same period, Endor Labs and StepSecurity spotted a similar but distinct attack via a JavaScript malware called binding.gyp.

What Should You Do Now?

If you use npm in your projects, preventive steps are urgent. Review the list of affected packages and versions published in the researchers' reports, and immediately upgrade to the fixed releases. Most importantly, rotate all keys and credentials that may have been exposed, especially cloud service, AI model, and npm keys. Enable two-factor authentication on all accounts, review the postinstall scripts in your dependencies, and consider disabling their automatic execution in sensitive build environments.

Conclusion

The IronWorm attack is a stark reminder that the software supply chain has become one of the most dangerous weak points in modern development. Blind trust in open-source packages without scrutiny is no longer a safe option, especially with malware capable of self-replication and kernel-level stealth. Protecting your environment starts with rotating secrets, enabling two-factor authentication, and monitoring what actually gets installed in your projects.

Tags: #Cybersecurity#npm#IronWorm#supply chain#Rust#malware