IronWorm Malware Targets Web3 via Malicious npm Packages
A new Rust-based supply chain malware, IronWorm, is targeting the Web3 ecosystem through malicious npm packages, according to SlowMist monitoring. The malware poses significant threats, including credential theft, wallet seed and password extraction, GitHub repository tampering, malicious package distribution, CI/CD secret leaks, Tor-based command and control, and eBPF rootkit stealth. Security teams are advised to audit repositories for suspicious commits, unexpected build hooks, and commits submitted under automated identities such as claude, dependabot, renovate, or github-actions. Recommended remediation is to remove affected package versions, release clean versions, rotate all compromised keys and tokens, review GitHub Actions artifacts, and rebuild potentially compromised development or CI systems from clean images.
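
One way to start the repository audit recommended above, as an added example that is not code from SlowMist or the original article: it builds a review queue of commits attributed to the automation identities named in the advisory that touch `package.json` or workflow files, and lists install-time npm scripts. The `git log` format string, the choice of sensitive paths, the treatment of npm install lifecycle scripts as the "build hooks", and all sample data are assumptions made for this example.

```javascript
// Added example: all inputs below are constructed, not data from the IronWorm campaign.
// Identities named in the advisory; matched as substrings of the commit author name.
const AUTOMATION_IDS = ["claude", "dependabot", "renovate", "github-actions"];
// Assumption: npm lifecycle scripts that run on install are the "build hooks" to review.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];
// Assumption: paths where a change can alter what runs at install or in CI.
const SENSITIVE = [/(^|\/)package\.json$/, /^\.github\/workflows\//];

// Parse the output of: git log --name-only --format='@@%h|%an|%ae'
function parseLog(text) {
  const commits = [];
  for (const line of text.split("\n").map((l) => l.trim()).filter(Boolean)) {
    if (line.startsWith("@@")) {
      const [hash, author, email] = line.slice(2).split("|");
      commits.push({ hash, author, email, files: [] });
    } else if (commits.length) {
      commits[commits.length - 1].files.push(line);
    }
  }
  return commits;
}

// Commits attributed to an automation identity that touch sensitive paths.
// Author fields are chosen by whoever commits, so a hit is a review item, not a verdict.
function flagCommits(logText) {
  return parseLog(logText)
    .filter((c) => AUTOMATION_IDS.some((id) => c.author.toLowerCase().includes(id)))
    .map((c) => ({ ...c, files: c.files.filter((f) => SENSITIVE.some((re) => re.test(f))) }))
    .filter((c) => c.files.length > 0);
}

// Install-time lifecycle scripts declared in a package.json string.
function installHooks(pkgJsonText) {
  const scripts = JSON.parse(pkgJsonText).scripts || {};
  return INSTALL_HOOKS.filter((h) => h in scripts).map((h) => ({ hook: h, command: scripts[h] }));
}

// Constructed sample data.
const SAMPLE_LOG = `
@@a1b2c3d|dependabot[bot]|bot@example.invalid
package.json
package-lock.json
@@d4e5f6a|Alice Dev|alice@example.invalid
src/index.js
@@0f9e8d7|github-actions|ci@example.invalid
docs/README.md
@@7c6b5a4|claude|noreply@example.invalid
.github/workflows/release.yml
`;
const SAMPLE_PKG = '{"name":"demo","scripts":{"test":"node test.js","postinstall":"node setup.js"}}';
console.log(flagCommits(SAMPLE_LOG), installHooks(SAMPLE_PKG));
```

Each flagged commit still needs a manual diff review, since legitimate bots also edit these files.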
Disclaimer: The content provided on Phemex News is for informational purposes only. We do not guarantee the quality, accuracy, or completeness of the information sourced from third-party articles. The content on this page does not constitute financial or investment advice. We strongly encourage you to conduct your own research and consult with a qualified financial advisor before making any investment decisions.
