Intro – When Trusted Code Becomes a Weapon
The modern software ecosystem is built on trust. Developers pull millions of packages from registries like npm assuming they are safe, reviewed, and stable. But that trust has been quietly weaponized. A new wave of supply chain attacks has turned this ecosystem into a distribution channel for stealth malware.
Security researchers at JFrog, Endor Labs, and StepSecurity have uncovered a coordinated and evolving set of infections targeting npm packages. What makes this campaign especially dangerous is not just the malware itself, but how it spreads: through legitimate accounts, trusted workflows, and invisible installation hooks.
Summary – What Actually Happened Across npm
A large-scale software supply chain attack has compromised more than 50 legitimate npm packages, along with dozens of poisoned versions of additional projects. Two major malware families were identified: a Rust-based information stealer named IronWorm and a self-spreading worm derived from previous campaigns.
IronWorm is engineered to harvest secrets from developer machines, persist using kernel-level stealth, and communicate over Tor. Meanwhile, a second wave of attacks, associated with the Miasma worm, spread across at least 57 npm packages and more than 286 malicious versions.
Both campaigns share a common goal: infiltrate developer environments, steal credentials, and replicate through trusted publishing pipelines.
IronWorm – The Rust-Based Information Stealer That Thinks Like a Worm
IronWorm represents a new evolution in supply chain malware. Instead of simply stealing credentials, it actively uses them to propagate itself.
The malware is executed through npm preinstall hooks inside trojanized packages published by a compromised account known as “asteroiddao.” Once triggered, it deploys a Rust-based ELF binary designed to silently extract sensitive data from the host system.
It targets over 86 environment variables, including credentials tied to major platforms such as OpenAI, Anthropic, Google, Amazon Web Services, Docker, and Kubernetes.
Stealth Architecture – eBPF Rootkit-Level Evasion
IronWorm does not behave like traditional npm malware. It embeds eBPF-based kernel manipulation techniques to hide processes and network connections.
This lets it evade detection tools that operate at the user level. Only systems with strict kernel lockdown policies can expose its activity, which significantly reduces its stealth.
The malware also routes communications through Tor, ensuring that command-and-control infrastructure remains anonymous and difficult to trace.
Credential Harvesting – The True Target of the Attack
IronWorm’s primary objective is mass credential extraction. It scans developer environments for:
API keys and tokens
Cloud credentials
AI service authentication data
Cryptocurrency wallet files
CI/CD secrets
It specifically targets AI coding tools and platforms such as Codex-style workflows, Claude configurations, and Gemini integrations, making it one of the first malware families optimized for AI-era development environments.
GitHub as a Weaponized Distribution Layer
One of the most alarming aspects of IronWorm is its abuse of GitHub.
The malware steals credentials from compromised developers and uses them to push malicious commits across repositories. These commits then inject malware into other packages, which are republished and continue the infection chain.
In effect, GitHub becomes an unwilling propagation engine rather than just a hosting platform.
CI/CD Abuse – Turning Automation Into Infection Loops
IronWorm also exploits CI/CD pipelines by abusing npm’s trusted publishing system. This allows it to generate short-lived authentication tokens that are then used to publish poisoned packages automatically.
It replaces GitHub Actions workflows with modified versions that quietly extract secrets, store them in disguised files, and upload them as build artifacts instead of sending them to external servers.
This design eliminates the need for traditional command-and-control infrastructure.
The Miasma Worm Returns – Faster, Broader, Smarter
Alongside IronWorm, researchers identified a second major threat: an evolved version of the Miasma worm.
This campaign spread through 57 npm packages and over 286 malicious versions. It previously appeared in the Red Hat ecosystem and resurfaced with enhanced propagation speed and stealth.
Unlike IronWorm, Miasma focuses heavily on cross-platform infection, including Linux, macOS, and Windows CI environments.
Phantom Gyp – A New Execution Trick Inside npm
Miasma introduces a technique called “Phantom Gyp,” which abuses a small 157-byte binding.gyp file to trigger code execution during installation.
This bypasses traditional npm install-script monitoring systems such as preinstall or postinstall hooks, which are commonly watched by security tools.
It represents a shift in attack strategy: from obvious scripts to silent build-time triggers.
AI Development Tools Under Direct Targeting
One of the most concerning aspects of this wave is its focus on AI-assisted development environments.
The malware injects persistent backdoors into repositories that activate when developers open projects inside AI coding tools. It also harvests configuration files tied to AI assistants and cloud-based model APIs.
This means modern AI IDEs are now part of the attack surface.
Propagation Strategy – A Self-Replicating Supply Chain Loop
Both IronWorm and Miasma share a similar propagation philosophy:
Steal credentials from developers
Infect local environments
Modify repositories
Republish poisoned packages
Infect downstream users
This creates a continuous infection loop where every victim becomes a new distributor.
Impact – Why This Changes Supply Chain Security
The real impact is not just technical compromise but structural collapse of trust in package ecosystems.
npm is no longer just a dependency registry; it has become a live battlefield where attackers exploit automation, identity systems, and developer workflows.
Once inside, attackers can remain invisible while spreading across organizations silently.
What Undercode Says:
Supply chain attacks are no longer isolated incidents but continuous ecosystems of infection
npm’s trust model is fundamentally being exploited at identity and automation layers
eBPF rootkits show malware is moving deeper into kernel-level stealth
AI coding tools are now direct attack targets, not just development aids
GitHub is functioning as both infrastructure and infection vector
Credential theft is evolving into automated propagation loops
CI/CD pipelines are now primary malware execution environments
Short-lived tokens do not prevent abuse in trusted publishing flows
Malware is increasingly designed for self-replication, not just theft
Rust is being used more frequently for stealth malware development
Traditional antivirus tools are blind to install-time build triggers
Phantom Gyp bypasses standard npm security assumptions
Developer machines are becoming credential aggregation hubs
AI assistants increase exposure of sensitive API keys
Multi-platform infection reduces containment effectiveness
Attackers are blending social engineering with automation abuse
Compromised accounts are more valuable than zero-day exploits
Repository commits are now part of malware payload delivery
CI runners are being used as secret extraction nodes
Build artifacts are being abused as covert exfiltration channels
Malware persistence is shifting toward repository-level backdoors
npm lifecycle scripts remain a major weak point
Kernel lockdown policies are becoming critical defenses
Supply chain attacks scale faster than patch cycles
Git-based infrastructure trust is being actively weaponized
Attack attribution remains extremely difficult
Malware is now optimized for stealth over speed in some cases
Tor-based communication reduces forensic traceability
AI-generated code environments increase attack surface complexity
Developers unknowingly propagate malware through normal workflows
Package dependency depth increases infection reach
Open-source ecosystems require identity verification improvements
Automated publishing is a double-edged security risk
Security tools lag behind new build-time exploitation methods
Credential reuse amplifies infection chains
Worm behavior is re-emerging in modern JavaScript ecosystems
Cross-repository contamination is now a standard tactic
GitHub Actions is a high-value exploitation target
Supply chain security must move beyond signature detection
The ecosystem is transitioning into continuous adversarial motion
❌ The existence of npm supply chain attacks is real and confirmed by multiple security firms
❌ IronWorm and Miasma are reported malware names used in security analysis contexts, not fictional constructs
❌ Techniques like CI/CD abuse, credential scraping, and install-script exploitation are verified real-world attack methods
Prediction:
(+1) Supply chain security tools will rapidly evolve to monitor build-time execution and repository behavior anomalies
(+1) AI-assisted development platforms will introduce stricter credential isolation and sandboxing layers
(+1) Kernel-level detection mechanisms like eBPF monitoring will become standard in enterprise environments
(-1) Open-source dependency ecosystems may face increasing fragmentation due to trust degradation
(-1) Attackers will continue adapting faster than static security policies can respond
(-1) CI/CD pipelines will remain high-value targets for at least the next major wave of software supply chain attacks
Deep Analysis: Security Inspection and Detection Commands
Check suspicious npm lifecycle scripts
npm audit
npm ls --all
Inspect preinstall/postinstall hooks
cat package.json | grep -i "install"
Monitor running processes for anomalies
ps aux | grep node
ps aux | grep rust
Inspect network connections (Tor or hidden C2)
netstat -tulpn
ss -tulnp
Detect unusual kernel activity (eBPF hints)
sudo bpftool prog show
Check CI/CD environment variables exposure
printenv | grep -E "AWS|GITHUB|TOKEN|SECRET"
Scan GitHub repository suspicious commits
git log --oneline --all --grep="claude"
Verify npm package integrity
npm ci --ignore-scripts
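Added example (not from the original article or the researchers' tooling): the package.json grep above only reads the top-level manifest and would not notice a binding.gyp trigger of the kind described in the Phantom Gyp section. This Python script walks an installed tree and reports explicit install hooks as well as packages that npm builds implicitly because they ship binding.gyp without an install or preinstall script, which is documented npm behavior. The sample tree and its package names are constructed.

```python
import json
import os
import tempfile

HOOKS = ("preinstall", "install", "postinstall")

def audit_install_triggers(root):
    """Map each package dir under root to the reasons it runs code at install time."""
    findings = {}
    for dirpath, _dirs, filenames in os.walk(root):
        if "package.json" not in filenames:
            continue
        rel = os.path.relpath(dirpath, root)
        try:
            with open(os.path.join(dirpath, "package.json"), encoding="utf-8") as fh:
                manifest = json.load(fh)
        except (OSError, ValueError):
            findings[rel] = ["unreadable package.json"]
            continue
        scripts = manifest.get("scripts") if isinstance(manifest, dict) else None
        scripts = scripts if isinstance(scripts, dict) else {}
        reasons = [f"{hook}: {scripts[hook]}" for hook in HOOKS if hook in scripts]
        # npm defaults to `node-gyp rebuild` when binding.gyp exists with no install/preinstall script.
        if "binding.gyp" in filenames and not {"install", "preinstall"} & scripts.keys():
            reasons.append("implicit node-gyp rebuild (binding.gyp, no install script)")
        if reasons:
            findings[rel] = reasons
    return findings

def build_sample_tree(root):
    """Write a constructed node_modules tree; all package names are hypothetical."""
    samples = {
        "clean-lib": ({"scripts": {"test": "node test.js"}}, None),
        "hooked-lib": ({"scripts": {"preinstall": "node setup.js"}}, None),
        "gyp-only-lib": ({"main": "index.js"}, '{"targets": [{"target_name": "addon"}]}'),
    }
    for name, (manifest, gyp) in samples.items():
        pkg = os.path.join(root, "node_modules", name)
        os.makedirs(pkg)
        with open(os.path.join(pkg, "package.json"), "w", encoding="utf-8") as fh:
            json.dump(dict(manifest, name=name), fh)
        if gyp is not None:
            with open(os.path.join(pkg, "binding.gyp"), "w", encoding="utf-8") as fh:
                fh.write(gyp)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for pkg, reasons in sorted(audit_install_triggers(tmp).items()):
            print(pkg, "->", "; ".join(reasons))
```

Point audit_install_triggers at a project directory after installing with scripts disabled to list every dependency that would execute code at install time.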
References:
Reported By: thehackernews.com




