IronWorm malware, similar to Shai-Hulud, hits 57 projects across 9 organizations

A Rust-based supply chain malware called IronWorm compromised dozens of npm packages in the Arweave/WeaveDB decentralized database ecosystem and shows self-propagation capabilities similar to Shai-Hulud, JFrog reported Wednesday.

The malicious package versions stemmed from a compromised GitHub account — ocrybit — which made a total of 57 malicious commits to projects across nine organizations related to the Arweave blockchain.

JFrog analyzed the malware and how it spread, finding that it targets 86 different environment variables for credential, secret and cryptocurrency theft.

The malware automates malicious package publication through compromised accounts by obtaining an OIDC token from the developer’s CI environment and leveraging it to complete npm’s Trusted Publishing flow, the researchers explained.

Similar to TeamPCP’s Mini Shai-Hulud attacks on TanStack and others, this allowed the attacker to compromise dozens of packages maintained by the asteroid-dao GitHub organization through ocrybit’s account without the need to leverage npm credentials.

JFrog told SC Media that it “can’t know for sure” whether IronWorm is directly related to TeamPCP and Mini Shai-Hulud or a copycat, but that the attacks share similarities including self-propagation and exfiltration of data to GitHub.

However, unlike Mini Shai-Hulud, which is written in JavaScript, IronWorm is written in Rust and proved difficult to reverse-engineer due to its size, including thousands of functions, and encrypted strings that could only be captured at runtime, the researchers said.

“By tracing where these hidden values were used, we found that they all ultimately passed through the same decryption routine, but each call site used its own parameters. In other words, there was no single key that could unlock everything at once. Each string had to be recovered individually,” the JFrog Security Research Team wrote in its report.

The team found that the malware steals a vast array of developer, Web3 and AI-related secrets, including cloud and database credentials, package registry tokens, credentials for CI/CD systems, messaging platforms, Vault and Kubernetes, and API keys for AI services including Anthropic, OpenAI, Gemini, Cohere, Mistral, Groq, Perplexity and xAI.

IronWorm also targets cryptocurrency wallets including the Exodus desktop wallet. Notably, the attacker included their own wallet’s BIP-39 recovery phrase hardcoded to prevent the malware from touching it, although this was traced back to a “near-empty test wallet holding a few cents of dust,” the researchers wrote.

Several commits made by the attacker were found to be deceptively backdated to match the date of the repository’s last legitimate commit in order to hide suspicious recent changes.

Some contributions were attributed to the Claude AI model with the author email “[email protected]” despite bearing timestamps as old as 13 years ago; GitHub Action logs revealed these commits were actually pushed by the compromised ocrybit user. The attacker also hid behind other non-human identities — including Dependabot, Renovate and github-actions — when pushing some malicious commits.

Further analysis revealed an eBPF payload and clang-compiled BPF object with unstripped debugging metadata that revealed detailed information about the payload’s purpose. This component works as a Linux kernel rootkit that helps to hide the malware’s processes and network activity.

The malware was also found to accept commands for uploading secrets, dropping files and running remote shells through a Tor-based command-and-control (C2) setup.

JFrog recommended organizations audit their repositories for any commits from ocrybit or suspicious changes and backdated commits from Claude, Dependabot, Renovate or github-actions identities. Organizations that may have been compromised should check their published npm packages for malicious versions and rotate all keys and secrets available to the compromised account.
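The audit JFrog recommends, together with the backdating and identity-spoofing behaviour described earlier, can be scripted against plain git metadata. The script below is an added example, not JFrog's tooling and not part of its report. It assumes history is exported with the `git log` format string shown in the code, matches the identity names from the article as case-insensitive substrings of author or committer name and email, and uses a 30-day gap between author date and committer date as the backdating threshold; that threshold is a chosen value, not a figure from the report, and a rebase or cherry-pick also widens the gap, so a hit marks a commit for review rather than proving tampering. The sample log lines, SHAs, names and addresses are constructed.

```python
"""Audit git history for the IronWorm indicators described in the report.

Added example, not JFrog's tooling. Reads the output of GIT_LOG_COMMAND and
flags commits that carry the compromised ocrybit identity, or whose author
date sits far behind the committer date (what a backdated commit looks like
in metadata), with extra weight when the author is one of the non-human
identities the attacker hid behind. Sample data below is constructed.
"""
from dataclasses import dataclass

# Run this in the repository to produce the input format parsed below.
GIT_LOG_COMMAND = "git log --all --format='%H|%an|%ae|%at|%cn|%ce|%ct'"

# Identity the report names as the compromised account.
COMPROMISED_ACCOUNTS = ("ocrybit",)
# Non-human identities the report says the attacker impersonated.
NONHUMAN_IDENTITIES = ("claude", "dependabot", "renovate", "github-actions")
# Assumed threshold (not from the report): an author date this far behind
# the committer date is treated as possibly backdated. Rebases and
# cherry-picks also widen the gap, so a hit is a review trigger, not proof.
BACKDATE_THRESHOLD_SECONDS = 30 * 24 * 3600


@dataclass
class Commit:
    sha: str
    author_name: str
    author_email: str
    author_time: int      # unix seconds (%at)
    committer_name: str
    committer_email: str
    committer_time: int   # unix seconds (%ct)


def parse_git_log(text: str) -> list[Commit]:
    """Parse the '|'-separated lines produced by GIT_LOG_COMMAND."""
    commits = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        parts = line.split("|")
        if len(parts) != 7:
            raise ValueError(f"unexpected git log line: {line!r}")
        sha, an, ae, at, cn, ce, ct = parts
        commits.append(Commit(sha, an, ae, int(at), cn, ce, int(ct)))
    return commits


def _matches(name: str, email: str, needles: tuple[str, ...]) -> bool:
    """Case-insensitive substring match of any needle against name or email."""
    haystack = f"{name} {email}".lower()
    return any(n in haystack for n in needles)


def flag_commit(c: Commit) -> list[str]:
    """Return the reasons a commit deserves manual review (empty if none)."""
    reasons = []
    if _matches(c.author_name, c.author_email, COMPROMISED_ACCOUNTS) or \
            _matches(c.committer_name, c.committer_email, COMPROMISED_ACCOUNTS):
        reasons.append("authored or committed under compromised account")
    gap = c.committer_time - c.author_time
    if gap > BACKDATE_THRESHOLD_SECONDS:
        days = gap // 86400
        if _matches(c.author_name, c.author_email, NONHUMAN_IDENTITIES):
            reasons.append(f"backdated {days} days under non-human identity")
        else:
            reasons.append(f"author date {days} days before committer date")
    return reasons


def audit_log(text: str) -> dict[str, list[str]]:
    """Map each flagged commit SHA to its list of review reasons."""
    findings = {}
    for c in parse_git_log(text):
        reasons = flag_commit(c)
        if reasons:
            findings[c.sha] = reasons
    return findings


# Constructed sample: SHAs, names, addresses and timestamps are made up.
# Line 3 mimics a commit under a "Claude" identity whose author date is
# years before the committer date; line 4 is an ordinary bot commit.
SAMPLE_LOG = """\
1111aaa|Alice Dev|alice@example.invalid|1700000000|Alice Dev|alice@example.invalid|1700000000
2222bbb|ocrybit|ocrybit@example.invalid|1700001000|ocrybit|ocrybit@example.invalid|1700001000
3333ccc|Claude|claude@example.invalid|1290000000|Claude|claude@example.invalid|1700002000
4444ddd|dependabot[bot]|dependabot@example.invalid|1700003000|GitHub|noreply@example.invalid|1700003060
"""

if __name__ == "__main__":
    for sha, reasons in audit_log(SAMPLE_LOG).items():
        print(sha, "->", "; ".join(reasons))
```

Pipe real history in with `git log --all --format='%H|%an|%ae|%at|%cn|%ce|%ct' | python3 audit.py` after replacing the sample with `sys.stdin.read()`. A flagged commit still needs the GitHub Actions or audit log consulted to see who actually pushed it, since git metadata alone records only what the author chose to write.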

The researchers published a list of 37 compromised package versions from the asteroiddao npm user, which have since been deprecated and removed from npm.
