SlowMist: Rust Supply Chain Malware IronWorm Targets Developer Environments and Web3 Crypto Ecosystem

Odaily Planet Daily News: SlowMist posted on X platform, stating that its threat intelligence system has detected a new Rust supply chain malware activity named IronWorm. This malware actively attacks developer environments and the Web3/crypto ecosystem through malicious npm packages. Potential attack behaviors include credential theft, wallet seed phrase and password theft, GitHub repository tampering, malicious package publishing, CI/CD key theft, Tor-based command and control, and covert persistence via eBPF rootkits.

SlowMist recommends that security teams audit repositories for backdated commits, suspicious branches, abnormal build hooks, and commits attributed to automated identities such as claude, dependabot, renovate, or github-actions; remove or deprecate affected package versions, publish clean versions, rotate all exposed keys and tokens, review GitHub Actions build artifacts, and rebuild potentially compromised developer or CI systems from clean images. This threat was discovered and analyzed by JFrogSecurity.