New IronWorm Malware Hits 36 Packages In npm Supply-Chain Attack

Slashdotby BeauHDJune 4, 2026tech

A new npm supply-chain attack has infected 36 packages with Rust-based infostealer malware called IronWorm. According to BleepingComputer, the malware "targets 86 environment variables (key-value pairs) and 20 credential files that may contain OpenAI, AWS, Anthropic, and npm credentials, vault configuration files, SSH keys, and Exodus cryptocurrency wallet files." From the report: According to researchers at supply-chain and devops company JFrog, IronWorm is written in Rust, hides behind an eBPF

This article was published on Slashdot (slashdot.org). Read the full article on the original source:

Read full article on Slashdot

#negative #security

New IronWorm Malware Hits 36 Packages In npm Supply-Chain Attack

More from Slashdot

340 Local News Outlets Now Blocking the Internet Archive

GOV.UK Goes Dutch On Payments As It Dumps Stripe

BSA Lashes Out At Mandatory Open-Source Licensing

Google Says It Will Replenish More Water Than It Uses At Data Centers

Valve Says Steam Machine 'Shipping This Summer'

ISS Astronauts Told To Prepare For Possible Evacuation Over Air Leak

Used Waymo Robotaxi Batteries Become Backup Storage For Power Grids

Bees Can Use Tools To Solve Problems, Study Finds