Full Report
A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. [...]
Analysis Summary
# Incident Report: IronWorm NPM Supply-Chain Attack
## Executive Summary
A sophisticated supply-chain attack involving 36 malicious npm packages was identified, delivering a Rust-based infostealer dubbed "IronWorm." The malware features self-propagating capabilities by leveraging stolen npm credentials and GitHub Trusted Publishing secrets to trojanize legitimate packages. The campaign was detected early by security researchers, limiting its reach before it could compromise high-profile packages.
## Incident Details
- **Discovery Date:** June 4, 2026
- **Incident Date:** June 2026 (ongoing at time of report)
- **Affected Organization:** 36 npm packages (including those associated with the 'asteroiddao' account)
- **Sector:** Software Development / DevOps
- **Geography:** Global (npm ecosystem)
## Timeline of Events
### Initial Access
- **Date/Time:** Early June 2026
- **Vector:** Compromised npm account ('asteroiddao') and GitHub Trusted Publishing secrets.
- **Details:** The attacker used a compromised account to publish package versions containing a malicious Rust ELF binary executed via the `preinstall` script.
### Lateral Movement
- The malware functions as a "worm." Once a developer or CI environment is infected, it uses stolen secrets/credentials found on the host to publish malicious updates to other packages owned by the victim, spreading the infection to downstream users.
### Data Exfiltration/Impact
- **Targeted Data:** 86 environment variables and 20 credential files, including OpenAI, AWS, Anthropic, and npm credentials, SSH keys, and Exodus cryptocurrency wallets.
- **Exfiltration Method:** While the malware supports Tor-based C2, researchers found a mechanism intended to upload stolen secrets as GitHub Action "build artifacts" (disguised as linting/formatting logs) to avoid external C2 detection.
### Detection & Response
- **Detection:** Identified by researchers at JFrog, Ox Security, Endor Labs, and StepSecurity.
- **Response:** Impacted packages were flagged; researchers published IoCs and package lists to facilitate remediation.
## Attack Methodology
- **Initial Access:** Registry poisoning via compromised publishing accounts and `preinstall` scripts.
- **Persistence:** Implementation of an eBPF kernel rootkit to hide the malware on Linux systems.
- **Privilege Escalation:** Not explicitly detailed, but leverages CI/CD permissions.
- **Defense Evasion:** Use of Rust (less common for analysis), eBPF rootkit for hiding processes, Tor for C2, and backdating Git commit timestamps (up to 13 years old) to evade timeline analysis.
- **Credential Access:** Scraping environment variables and known secret file paths (AWS, SSH, etc.).
- **Discovery:** Scanning for secrets associated with GitHub Trusted Publishing and npm tokens.
- **Lateral Movement:** Self-propagation by trojanizing legitimate packages under the victim’s control.
- **Collection:** Serializing secrets into local files with harmless names (e.g., "formatting output").
- **Exfiltration:** Communication over Tor and potential use of GitHub Action artifacts.
- **Impact:** Compromise of developer environments and downstream supply chain integrity.
## Impact Assessment
- **Financial:** Risk of cryptocurrency theft via Exodus wallet targeting; potential cloud cost inflation via stolen AWS/AI keys.
- **Data Breach:** Exposure of highly sensitive API keys (OpenAI, Anthropic) and infrastructure secrets.
- **Operational:** Disruption of CI/CD pipelines and the need for significant credential rotation effort.
- **Reputational:** Loss of trust in the affected 36 npm packages and their maintainers.
## Indicators of Compromise
- **Network:** Communication with Tor exit nodes.
- **File:** Rust-based ELF binaries executed during npm install; filenames mimicking linting or formatting outputs.
- **Behavioral:** Unexpected `preinstall` execution; GitHub commits authored by "claude" with suspicious/historical timestamps; unauthorized package updates.
## Response Actions
- **Containment:** Removal of malicious package versions from the npm registry.
- **Eradication:** Affected developers must delete local malicious binaries and clean CI/CD runners.
- **Recovery:** Rotation of all potentially exposed secrets (AWS, OpenAI, SSH, npm tokens).
## Lessons Learned
- **Credential Security:** Trusted Publishing and automation tokens are high-value targets that allow malware to spread autonomously.
- **Detection Gaps:** Standard analysis may miss malicious activity hiding in eBPF or disguised as CI/CD artifacts.
- **Evasion Tactics:** Attackers are increasingly using backdated commits to confound incident responders' timelines.
## Recommendations
- **Rotate Credentials:** Immediately rotate any secrets stored in environment variables if an infected package was pulled.
- **Implement 2FA:** Ensure Multi-Factor Authentication is mandatory for all npm and GitHub accounts.
- **Audit Scripts:** Use `npm install --ignore-scripts` where possible or use tools to audit `preinstall` scripts.
- **Monitor CI/CD:** Inspect GitHub Action artifacts for unusual files or sizes that might indicate exfiltration.