Multiple supply chain attacks have targeted the npm ecosystem, with malicious and poisoned package versions used to spread a Rust-based information stealer and a self-spreading worm across more than 50 legitimate packages, according to a technical analysis from JFrog.
KEY FACTS
- IronWorm the malware was traced to a compromised npm account and used trojanized packages to self-replicate.
- Targets the stealer searched for credentials tied to AI tools, cloud services, containers, vaults and crypto wallets.
- Miasma a separate campaign hit 57 npm packages across more than 286 malicious versions.
- Technique researchers said the newer wave used a small binding.gyp file to trigger code execution during npm install.
- Exfiltration stolen data was sent to GitHub accounts used as dead drops and staging points.
JFrog said IronWorm was published from a compromised npm account named asteroiddao and executed through a preinstall hook. The malware was designed to collect secrets from environment variables and files linked to OpenAI Codex, Anthropic, Claude, Google Gemini, Cursor, AWS, Docker, Kubernetes and npm.
It also included logic to avoid stealing the threat actor’s own cryptocurrency wallet data. JFrog said the code could replace GitHub Actions workflows to harvest secrets and upload them as build artifacts, which removed the need for an external command and control server.
The disclosure also described a kernel-level rootkit component that used eBPF to hide processes and resist analysis. On systems with kernel lockdown enabled, those hiding tricks did not work and the hidden processes and sockets became visible again.
In a separate campaign, Endor Labs and StepSecurity linked a new Miasma variant to 57 packages and more than 286 malicious versions. StepSecurity said the attack abused a small binding.gyp file instead of standard install scripts, while the payload downloaded Bun to collect secrets from cloud, developer and AI assistant environments.
WHY IT MATTERS
The incidents show how package registries can be used to spread malware quickly through software supply chains, including by abusing trusted build and install paths. Developers who installed affected versions may need to rotate credentials, review GitHub and CI workflows, and pin packages with integrity hashes.