VMTech
+381 11 4150 20024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

IronWorm and Miasma target npm: secret theft and self‑propagation

IronWorm и Miasma атакуют npm: кража секретов и самораспространение

Colleagues, note major supply‑chain attacks observed in npm.

- IronWorm (JFrog): Rust stealer with eBPF rootkit and Tor, spread via trojanized releases from compromised asteroiddao account; steals env vars, cloud keys, AI‑assistant configs and wallets.
- New Miasma variant (Endor Labs/StepSecurity): >50 packages, "Phantom Gyp" (binding.gyp) and Bun loader to extract secrets, including from AI‑IDEs.
- Mitigation: revoke/rotate keys, disable install‑scripts and native rebuilds, pin packages with integrity hashes, audit CI/Actions.

Why it matters: malicious code propagates via supply chain and exfiltrates secrets.

What will you change in your security processes?

#cybersecurity #supplychain #npm #DevSecOps

Latest comments

No comments yet.