{"id":238395,"date":"2026-06-05T02:23:25","date_gmt":"2026-06-05T07:23:25","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2026\/06\/new-ironworm-malware-hits-36-packages-in-npm-supply-chain-attack"},"modified":"2026-06-05T02:23:25","modified_gmt":"2026-06-05T07:23:25","slug":"new-ironworm-malware-hits-36-packages-in-npm-supply-chain-attack","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2026\/06\/new-ironworm-malware-hits-36-packages-in-npm-supply-chain-attack","title":{"rendered":"New IronWorm malware hits 36 packages in npm supply-chain attack"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/new-ironworm-malware-hits-36-packages-in-npm-supply-chain-attack.jpg\"><\/a><\/p>\n<p>A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm.<\/p>\n<p>The malware targets 86 environment variables (key-value pairs) and 20 credential files that may contain OpenAI, AWS, Anthropic, and npm credentials, vault configuration files, SSH keys, and Exodus cryptocurrency wallet files.<\/p>\n<p>According to researchers at supply-chain and devops company JFrog, IronWorm is written in Rust, hides behind an eBPF kernel rootkit, and communicates with the operator over the Tor network.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. The malware targets 86 environment variables (key-value pairs) and 20 credential files that may contain OpenAI, AWS, Anthropic, and npm credentials, vault configuration files, SSH keys, and Exodus cryptocurrency wallet files. According to researchers at [\u2026]<\/p>\n","protected":false},"author":662,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1761,34,6],"tags":[],"class_list":["post-238395","post","type-post","status-publish","format-standard","hentry","category-cryptocurrencies","category-cybercrime-malcode","category-robotics-ai"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/238395","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/662"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=238395"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/238395\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=238395"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=238395"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=238395"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}