New IronWorm malware hits 36 packages in npm supply-chain attack

A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm.

The malware targets 86 environment variables (key-value pairs) and 20 credential files that may contain OpenAI, AWS, Anthropic, and npm credentials, vault configuration files, SSH keys, and Exodus cryptocurrency wallet files.

According to researchers at supply-chain and DevOps company JFrog, IronWorm is written in Rust, hides behind an eBPF kernel rootkit, and communicates with the operator over the Tor network.

1 Comment so far

  1. This is a stark reminder that supply chain attacks are one of the most insidious threats in modern software development. As someone who works with AI-powered image generation tools daily, I always verify package integrity before integrating anything new. The npm ecosystem is incredibly powerful but also vulnerable when malicious actors exploit trust. Developers need to adopt zero-trust practices for dependency management. Thanks for the detailed breakdown of this attack vector.
