SlowMist: IronWorm malware attacks Web3 ecosystem through npm package

SlowMist Monitoring has discovered that the new Rust supply chain malware IronWorm is using malicious npm packages to attack developer environments and the Web3 ecosystem. The attack behaviors include credential theft, wallet mnemonic and password theft, GitHub repository tampering, malicious package publishing, CI/CD confidential leakage, Tor based command control, and eBPF rootkit invisibility. The security team needs to review backtracking submissions, suspicious branches, unexpected hook constructions, and automated identity submissions.