Home
News
Details

New Rust-based supply chain malware IronWorm targets the Web3 ecosystem through npm packages

iconChaincatcher
Share
Share IconShare IconShare IconShare IconShare IconShare IconCopy
AI summary iconSummary

expand icon
Web3 news broke as a new Rust-based supply chain malware, IronWorm, targets the Web3 adoption ecosystem through malicious npm packages. The malware steals credentials, wallet mnemonics, and passwords, while tampering with GitHub repositories and leaking CI/CD secrets. Security teams are urged to audit for suspicious commits, branches, and build hooks from automated identities such as claude, dependabot, or github-actions. Affected versions should be deprecated, clean versions released, and leaked tokens rotated.

ChainCatcher report: According to SlowMist monitoring, a new Rust supply chain malware campaign named IronWorm is targeting developer environments and the Web3 ecosystem via malicious npm packages. Potential attack behaviors include credential theft, theft of wallet mnemonics and passwords, GitHub repository tampering, distribution of malicious packages, leakage of CI/CD secrets, Tor-based command and control, and eBPF rootkit stealth. Security teams should audit repositories for retroactive commits, suspicious branches, unexpected build hooks, and commits attributed to automated identities such as claude, dependabot, renovate, or github-actions. It is recommended to remove or deprecate affected package versions, release clean versions, rotate all compromised keys and tokens, review GitHub Actions artifacts, and rebuild potentially compromised development or CI systems from clean images.

Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.