PANews
PANews|Jun 04, 2026 06:51
[SlowMist: New Rust Supply Chain Malware 'IronWorm' Attacking the Web3 Ecosystem via npm Packages] According to monitoring by SlowMist, a new Rust supply chain malware activity named 'IronWorm' is targeting developer environments and the Web3 ecosystem through malicious npm packages. Potential attack behaviors include credential theft, wallet mnemonic and password theft, GitHub repository tampering, malicious package publishing, CI/CD secret leaks, Tor-based command and control, and eBPF rootkit stealth. Security teams should audit backtracked commits, suspicious branches, unexpected build hooks, and submissions from automated identities such as Claude, Dependabot, Renovate, or GitHub Actions within repositories.
+6
Mentioned
Share To

Timeline

HotFlash

APP

X

Telegram

Facebook

Reddit

CopyLink

Hot Reads