吴说区块链
吴说区块链|6月 04, 2026 00:19
According to Aikido Security, the new "IronWorm" supply chain attack affects over 30 npm packages from asteroiddao. The malicious Rust binary executes during the pre-installation phase. The attack program can scan 86 environment variables and 20 types of credential files, targeting AWS, GCP, Vault, npm, as well as AI keys from Anthropic, OpenAI, and more. It also attempts to attack the Exodus wallet. The malware uses an eBPF rootkit to hide itself, connects back via Tor, and self-propagates using the npm Trusted Publishing OIDC mechanism. Additionally, it forges backdated commits under names like claude, dependabot, and renovate to cover its tracks. https://(wublock123.com)/news/aikido-ironworm-supply-chain-attack-npm-steals-cloud-ai-keys-62180
+5
Mentioned
Share To

Timeline

HotFlash

APP

X

Telegram

Facebook

Reddit

CopyLink

Hot Reads