Cybersecurity researchers have uncovered multiple software supply chain attacks affecting the npm ecosystem, with threat actors using malicious and poisoned versions of more than 50 legitimate packages to distribute advanced malware capable of stealing credentials and spreading autonomously across development environments. Security researchers at JFrog identified one of the threats, a Rust based information stealer named IronWorm, while separate investigations by Endor Labs and StepSecurity revealed a new variant of the Miasma worm infecting dozens of npm packages. Researchers said the campaigns demonstrate increasing sophistication in attacks targeting developers and software supply chains, particularly through trusted package repositories frequently used by enterprise and open source software projects.
According to JFrog, IronWorm operates as a highly advanced information stealer capable of collecting sensitive credentials from developer machines while incorporating stealth techniques to avoid detection. Researchers said the malware scrapes secrets from multiple sources, including environment variables, developer tools and cloud infrastructure platforms. The malicious campaign has been linked to a compromised npm account identified as “asteroiddao,” which published trojanised package versions containing a Rust ELF binary executed through a preinstall hook. Once deployed, the malware targets credentials associated with OpenAI Codex, Anthropic Claude, Google Gemini, Cursor, Amazon Web Services, Docker, Kubernetes, npm and cryptocurrency wallets, including Exodus wallet files. Researchers noted that the malware incorporates propagation techniques similar to the Shai Hulud worm, using stolen credentials to modify projects and inject malicious code into repositories for self replication. Investigators traced malicious commits spanning nine GitHub organisations, reportedly submitted under the author name “claude” using a noreply GitHub address to imitate Anthropic’s AI chatbot. JFrog further stated that IronWorm is equipped to alter GitHub Actions workflows to harvest secrets and store them inside build artifacts, reducing the need for external command and control infrastructure. The malware also contains an eBPF payload functioning as a kernel level rootkit designed to conceal processes and interfere with forensic analysis, although systems using kernel lockdown protections may expose hidden activity.
Researchers also disclosed a separate supply chain campaign involving a new variant of the Miasma worm, which has compromised 57 npm packages across more than 286 malicious versions. Endor Labs and StepSecurity said the malware campaign follows an earlier Miasma incident that infected 32 packages under the @redhat cloud services npm namespace within a short period. Unlike traditional supply chain attacks that rely on preinstall or postinstall lifecycle scripts, the latest variant uses a method researchers call “Phantom Gyp,” abusing a lightweight binding.gyp file to execute malicious code during npm installations while bypassing common security checks. Security analysts said the attack downloads the Bun JavaScript runtime and deploys a credential harvesting system tailored to collect secrets from cloud providers, password managers, development platforms and artificial intelligence coding assistants. Researchers highlighted a new capability that enables the malware to inject persistent backdoor files into software repositories, activating whenever developers open projects within AI assisted development environments.
The campaign reportedly exfiltrated stolen information to a GitHub account known as “liuende501,” which hosted hundreds of staged repositories before becoming inaccessible. Security researchers believe GitHub either removed the account or the operator deleted it voluntarily. Further investigation by OX Security identified additional stages in the attack chain involving GitHub commit searches for the term “firedalazer,” replacing a previously used dead drop method linked with earlier variants. These commits reportedly retrieved an additional JavaScript payload that transformed infections into an ongoing propagation cycle. Researchers also discovered more than 80 public repositories carrying descriptions linked to “Miasma The Spreading Blight,” used to store exfiltrated information. Security experts warned that GitHub traffic is commonly trusted within enterprise environments, making these tactics difficult to detect through conventional network monitoring. Developers who installed affected packages have been advised to rotate credentials, disable install scripts and native rebuilds by default, and ensure package integrity verification remains enabled to reduce exposure.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.
