IronWorm and Miasma target npm: secret theft and self‑propagation

Colleagues, note major supply‑chain attacks observed in npm.
- IronWorm (JFrog): Rust stealer with an eBPF rootkit and Tor, spread via trojanized releases from the compromised asteroiddao account; steals env vars, cloud keys, AI‑assistant configs and wallets.
- New Miasma variant (Endor Labs/StepSecurity): >50 packages; uses "Phantom Gyp" (binding.gyp) and a Bun loader to extract secrets, including from AI‑IDEs.
- Mitigation: revoke/rotate keys, disable install‑scripts and native rebuilds, pin packages with integrity hashes, audit CI/Actions.
Why it matters: malicious code propagates via supply chain and exfiltrates secrets.
What will you change in your security processes?
#cybersecurity #supplychain #npm #DevSecOps
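
One way to check a lockfile against the install‑script and pinning points in the mitigation list, as an added example (not code from JFrog, Endor Labs, StepSecurity or the author of this post). It assumes the public npm registry is the only expected package source; the function name, the allowlist parameter and the sample lockfile are constructed for illustration.

```javascript
// Added example (not from the original post). Audits the "packages" map of a
// package-lock.json (lockfileVersion 2/3) for entries that undercut pinning.
const REGISTRY = "https://registry.npmjs.org/"; // assumption: only expected source

function auditLockfile(lock, allowScripts = []) {
  const marker = "node_modules/";
  const findings = [];
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    // Skip the root project, local workspace folders and workspace links.
    if (!path.includes(marker) || pkg.link) continue;
    const name = pkg.name || path.slice(path.lastIndexOf(marker) + marker.length);
    const issues = [];
    // npm recorded install-time scripts for this package; they run on install
    // unless scripts are disabled, so each one should be a reviewed exception.
    if (pkg.hasInstallScript && !allowScripts.includes(name)) issues.push("install-script");
    if (!pkg.inBundle) { // bundled deps ship inside their parent's tarball
      if (!(pkg.resolved || "").startsWith(REGISTRY)) issues.push("non-registry-source");
      if (!pkg.integrity) issues.push("no-integrity");
      else if (!pkg.integrity.startsWith("sha512-")) issues.push("weak-hash");
    }
    if (issues.length) findings.push({ id: `${name}@${pkg.version}`, issues });
  }
  return findings;
}

// Constructed sample lockfile: package names, URLs and hashes are made up.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/example-pure-js": { version: "2.1.0",
      resolved: REGISTRY + "example-pure-js/-/example-pure-js-2.1.0.tgz",
      integrity: "sha512-CONSTRUCTEDHASH==" },
    "node_modules/example-native-addon": { version: "0.3.1",
      resolved: REGISTRY + "example-native-addon/-/example-native-addon-0.3.1.tgz",
      integrity: "sha512-CONSTRUCTEDHASH==", hasInstallScript: true },
    "node_modules/example-git-dep": { version: "1.0.0",
      resolved: "git+ssh://git@example.com/org/example-git-dep.git#0000000" },
    "node_modules/example-old-lib": { version: "0.0.9",
      resolved: REGISTRY + "example-old-lib/-/example-old-lib-0.0.9.tgz",
      integrity: "sha1-CONSTRUCTEDHASH=" },
  },
};

console.log(JSON.stringify(auditLockfile(sampleLock), null, 2));
```

To run it on a real project, pass the parsed contents of `package-lock.json` in place of `sampleLock`, and list in the allowlist only the packages whose install scripts have been reviewed.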

