
Audit log

Every state-changing event for IronWorm npm Supply Chain Attack: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1 publish by system:backfill
     2026-06-18 17:03:42Z
     Score: ?? (no score change)
     anchor: anchored
     chain: mainnet-beta, slot 427,329,604
     sig: 2aQTxXkVpLfJ…dBhcQLA5 (explorer link)
     hash: A9w9S6yL8cQY…NVy7gg8C (sha256 → base58)
     row integrity: checked in browser; full verify: on-chain
     canonical bytes (19479 B):
{
  "actor": "system:backfill",
  "investigation_id": "bd576f8e-de69-4776-9825-0f7bb35637f1",
  "kind": "publish",
  "page_slug": "ironworm-npm-supply-chain-attack",
  "published_at": "2026-06-18T17:03:42.485Z",
  "sequence_num": 1,
  "snapshot": {
    "content_type": "investigation",
    "entity_name": "IronWorm npm Supply Chain Attack",
    "sections": [
      {
        "heading": "Campaign Overview",
        "severity": "critical",
        "content": "IronWorm was publicly disclosed on approximately June 4–5, 2026, following analysis by JFrog Security Research and reporting by BleepingComputer, The Hacker News, and others. The campaign centered on a compromised npm account named 'asteroiddao,' which belongs to the asteroid-dao GitHub group and is associated with the Arweave decentralized storage ecosystem and the WeaveDB decentralized database project. Malicious versions of 36–37 packages were published from this account containing a hidden 976 KB Rust ELF binary executed via a preinstall hook in package.json, triggering automatically during npm install without any additional user interaction. The campaign has no CVE assigned. JFrog named the malware 'IronWorm' and noted its relationship to a prior campaign called 'Shai-Hulud,' with IronWorm described as 'Shai-Hulud's rustier cousin.' A related worm variant called Miasma was also reported in the same disclosure window.",
        "sources": [
          {"credibility": 2, "name": "JFrog Security Research: IronWorm: Shai-Hulud's rustier cousin", "type": "research", "url": "https://research.jfrog.com/post/iron-worm-shai-hulud-rustier-cousin/"},
          {"credibility": 2, "name": "BleepingComputer: New IronWorm malware hits 36 packages in npm supply-chain attack", "type": "news_article", "url": "https://www.bleepingcomputer.com/news/security/new-ironworm-malware-hits-36-packages-in-npm-supply-chain-attack/"},
          {"credibility": 2, "name": "The Hacker News: IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks", "type": "news_article", "url": "https://thehackernews.com/2026/06/ironworm-and-new-miasma-worm-variant.html"},
          {"credibility": 2, "name": "Cryptopolitan: Attackers trojanized Arweave's WeaveDB npm package to deploy malware", "type": "news_article", "url": "https://www.cryptopolitan.com/attackers-arweaves-weavedb-npm-malware/"}
        ]
      },
      {
        "heading": "Technical Architecture",
        "severity": "critical",
        "content": "The IronWorm binary is a large Rust release build employing an async runtime, packed with a custom-modified UPX stub with its signature removed to prevent automated unpacking. Every internal string is encrypted with a unique per-call-site key, substantially increasing reverse-engineering effort. The binary is 976 KB and placed in a tools/ directory within affected packages, disguised to avoid casual inspection.\n\nThe malware sweeps 86 environment variables and over 20 credential file paths covering AWS, Google Cloud, Azure, HashiCorp Vault, Kubernetes, Docker, GitHub, npm, RubyGems, and PyPI credentials, as well as a full suite of 2026-generation AI provider API keys including Anthropic Claude (~/.claude/.credentials.json), OpenAI (Codex), Google Gemini, Cohere, Mistral, Groq, Perplexity, and xAI. SSH keys and Cursor editor auth tokens (~~/Cursor/auth.json) are also targeted.\n\nA dedicated Exodus desktop wallet module weakens Electron security settings (disabling webSecurity, sandbox, contextIsolation, and nodeIntegration) and injects JavaScript hooks that capture the wallet password and BIP-39 recovery phrase at the moment the user unlocks their wallet, forwarding captured data to localhost:8738.",
        "sources": [
          {"credibility": 2, "name": "JFrog Security Research: IronWorm: Shai-Hulud's rustier cousin", "type": "research", "url": "https://research.jfrog.com/post/iron-worm-shai-hulud-rustier-cousin/"},
          {"credibility": 2, "name": "Phoenix Security: IronWorm (No CVE): Rust-Built npm Worm Ships an eBPF Rootkit, Tor C2, and a Self-Propagating Supply Chain Implant Across 37 Packages", "type": "research", "url": "https://phoenix.security/ironworm-npm-supply-chain-worm-rust-ebpf-rootkit-tor/"},
          {"credibility": 2, "name": "CyberSecurityNews: IronWorm Supply Chain Attack Uses Malicious npm Packages to Steal Developer Secrets", "type": "news_article", "url": "https://cybersecuritynews.com/ironworm-supply-chain-attack-uses-malicious-npm-packages/"}
        ]
      },
      {
        "heading": "eBPF Kernel Rootkit",
        "severity": "critical",
        "content": "IronWorm embeds an eBPF-based kernel rootkit that provides persistent stealth on infected Linux systems. The BPF component rewrites /proc results to remove malicious process IDs from listings returned by ps, top, and similar utilities. Network concealment is achieved by filtering /proc/net/tcp entries and netlink interface results to hide the malware's socket connections. The rootkit also intercepts ptrace calls, responding with SIGKILL to crash any debugger or analysis tool that attempts to attach to the malware process. According to JFrog's analysis, systems with kernel lockdown mode enabled experience degraded rootkit stealth, as certain BPF operations are restricted in hardened configurations.",
        "sources": [
          {"credibility": 2, "name": "JFrog Security Research: IronWorm: Shai-Hulud's rustier cousin", "type": "research", "url": "https://research.jfrog.com/post/iron-worm-shai-hulud-rustier-cousin/"},
          {"credibility": 2, "name": "CryptoTimes: IronWorm Malware Targets Web3 Developers via Compromised npm Packages", "type": "news_article", "url": "https://www.cryptotimes.io/2026/06/04/ironworm-malware-targets-web3-developers-via-compromised-npm-packages/"}
        ]
      },
      {
        "heading": "Tor Command-and-Control Infrastructure",
        "severity": "critical",
        "content": "IronWorm avoids relying on static command-and-control server addresses by downloading the Tor expert bundle at runtime, writing a custom torrc configuration, and communicating via plain HTTP over Tor tunnels to a hidden service endpoint at /api/agent. Commands supported by the C2 channel include secret uploads, arbitrary file drops to the victim machine, and remote shell execution. A fallback exfiltration channel uses temp.sh for payload uploads if Tor connectivity is unavailable. This architecture makes infrastructure takedown substantially more difficult than traditional C2 approaches.",
        "sources": [
          {"credibility": 2, "name": "JFrog Security Research: IronWorm: Shai-Hulud's rustier cousin", "type": "research", "url": "https://research.jfrog.com/post/iron-worm-shai-hulud-rustier-cousin/"},
          {"credibility": 2, "name": "Phoenix Security: IronWorm npm Supply Chain Worm", "type": "research", "url": "https://phoenix.security/ironworm-npm-supply-chain-worm-rust-ebpf-rootkit-tor/"}
        ]
      },
      {
        "heading": "Self-Replication via npm Trusted Publishing and GitHub Actions",
        "severity": "critical",
        "content": "IronWorm's defining characteristic as a worm, rather than a conventional infostealer, is its autonomous self-propagation mechanism. After gaining initial access to a developer or CI environment, the malware harvests GitHub Actions OIDC identity tokens and exchanges them for short-lived npm automation tokens via npm's Trusted Publishing workflow. This eliminates the need for stored npm credentials and allows the worm to publish new trojanized versions of any packages owned by the victim account without triggering typical credential-reuse alerts.\n\nSimultaneously, the malware pushes malicious commits into victim-owned GitHub repositories. To evade detection in code review, commit timestamps are forged by copying the dates of the most recent legitimate commits in each repository. JFrog identified 57 backdated malicious commits across nine GitHub organizations: asteroid-dao, ocrybit, alisista, warashibe, kakedashi-hacker, weavedb, ArweaveOasis, arthursimao, and mlebjerg. These commits were attributed to spoofed identities including claude@users.noreply.github.com, dependabot, and github-actions to appear as routine automated maintenance activity. Most backdated commits were removed from GitHub shortly after discovery, though some remained visible for a period after takedown.",
        "sources": [
          {"credibility": 2, "name": "JFrog Security Research: IronWorm: Shai-Hulud's rustier cousin", "type": "research", "url": "https://research.jfrog.com/post/iron-worm-shai-hulud-rustier-cousin/"},
          {"credibility": 2, "name": "The Hacker News: IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks", "type": "news_article", "url": "https://thehackernews.com/2026/06/ironworm-and-new-miasma-worm-variant.html"},
          {"credibility": 2, "name": "CryptoTimes: IronWorm Malware Targets Web3 Developers via Compromised npm Packages", "type": "news_article", "url": "https://www.cryptotimes.io/2026/06/04/ironworm-malware-targets-web3-developers-via-compromised-npm-packages/"}
        ]
      },
      {
        "heading": "Affected npm Packages and Ecosystem",
        "severity": "high",
        "content": "The attack primarily targeted the Arweave ecosystem via the 'asteroiddao' npm account. Confirmed malicious package versions include weavedb-sdk@0.45.3, weavedb-lite@0.1.1, weavedb-sdk-base@0.21.1, test-weavedb-sdk@1.1.1, weavedb-warp-contracts-plugin-deploy@1.0.11, arnext variants, and roidjs variants, among over 30 additional packages. Published reports cite between 36 and 37 packages as directly compromised under the asteroiddao account, with JFrog's full IoC list detailing the complete set.\n\nMalicious versions were marked as deprecated on npm within approximately one day of the attack becoming public knowledge. The swift deprecation limited broader propagation, and JFrog noted the attack was caught before achieving widespread npm ecosystem proliferation. The WeaveDB and Arweave projects themselves were not responsible for the compromise; the attack vector was the hijacking of a maintainer's npm account rather than any vulnerability in the WeaveDB codebase.",
        "sources": [
          {"credibility": 2, "name": "JFrog Security Research: IronWorm: Shai-Hulud's rustier cousin", "type": "research", "url": "https://research.jfrog.com/post/iron-worm-shai-hulud-rustier-cousin/"},
          {"credibility": 2, "name": "Cryptopolitan: Attackers trojanized Arweave's WeaveDB npm package to deploy malware", "type": "news_article", "url": "https://www.cryptopolitan.com/attackers-arweaves-weavedb-npm-malware/"},
          {"credibility": 2, "name": "CryptoNews.net: IronWorm malware plants rootkit in Arweave ecosystem npm libraries", "type": "news_article", "url": "https://cryptonews.net/news/security/32974831/"}
        ]
      },
      {
        "heading": "Operator Identification: Hardcoded Wallet Recovery Phrase",
        "severity": "high",
        "content": "A significant operational security failure by the threat actor provided researchers with a direct identifier for the operator. The malware's Exodus wallet-theft module contains a skip-list of wallet addresses and credentials that should not be exfiltrated — a mechanism intended to prevent the operator from stealing their own funds during testing or deployment. Within this skip-list, the operator hardcoded their own 12-word BIP-39 mnemonic recovery phrase: 'bench crane defense corn wheel trial news abuse finish better paddle slush.' This phrase derives the Ethereum address 0x7e28D9889f414B06c19a22A9Bd316f0AC279a4d6, which showed zero transaction history at the time of JFrog's analysis, consistent with the campaign still being in an early or testing phase at the time of discovery. No further attribution to a named individual or group has been publicly confirmed based on available sources.",
        "sources": [
          {"credibility": 2, "name": "JFrog Security Research: IronWorm: Shai-Hulud's rustier cousin", "type": "research", "url": "https://research.jfrog.com/post/iron-worm-shai-hulud-rustier-cousin/"},
          {"credibility": 2, "name": "The Hacker News: IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks", "type": "news_article", "url": "https://thehackernews.com/2026/06/ironworm-and-new-miasma-worm-variant.html"},
          {"credibility": 2, "name": "CybersecurityNews: IronWorm Supply Chain Attack", "type": "news_article", "url": "https://cybersecuritynews.com/ironworm-supply-chain-attack-uses-malicious-npm-packages/"}
        ]
      },
      {
        "heading": "Relationship to Prior Campaigns",
        "severity": "medium",
        "content": "JFrog's analysis positions IronWorm as an evolution of the 'Shai-Hulud' malware family, sharing architectural similarities while introducing more sophisticated Rust-based implementation and eBPF rootkit capabilities. A 'Mini Shai-Hulud' variant was reportedly discovered in May 2026, preceding IronWorm's June emergence. A separate but related campaign named 'Miasma' — described as a new worm variant — was disclosed concurrently with IronWorm in The Hacker News reporting in June 2026. A 'TrapDoor' campaign was also reported in May 2026 as part of the broader threat environment targeting npm and developer tooling. Phoenix Security's malware package intelligence corpus documented 59 supply chain campaigns and 657 malicious package indicators of compromise across npm, PyPI, VS Code, and AI agent tooling from June 2024 through June 2026, placing IronWorm within a broader escalating pattern of developer-targeting supply chain attacks.",
        "sources": [
          {"credibility": 2, "name": "JFrog Security Research: IronWorm: Shai-Hulud's rustier cousin", "type": "research", "url": "https://research.jfrog.com/post/iron-worm-shai-hulud-rustier-cousin/"},
          {"credibility": 2, "name": "The Hacker News: IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks", "type": "news_article", "url": "https://thehackernews.com/2026/06/ironworm-and-new-miasma-worm-variant.html"},
          {"credibility": 2, "name": "Phoenix Security: IronWorm npm Supply Chain Worm", "type": "research", "url": "https://phoenix.security/ironworm-npm-supply-chain-worm-rust-ebpf-rootkit-tor/"}
        ]
      },
      {
        "heading": "Remediation and Response",
        "severity": "high",
        "content": "Malicious npm package versions were marked as deprecated within approximately one day of public disclosure. The majority of 57 backdated malicious commits were removed from affected GitHub repositories shortly after discovery. No official CVE has been assigned to IronWorm as of the time of reporting. Developers who ran npm install on any affected asteroiddao-account packages between the malicious publication window and deprecation should treat their entire development environment as compromised, rotate all credentials visible in environment variables or credential files, consider the machine's kernel state untrusted due to the eBPF rootkit component, and check their Exodus wallet for unauthorized access. Any npm packages they own should be reviewed for unauthorized versions or commit history anomalies.",
        "sources": [
          {"credibility": 2, "name": "Cryptopolitan: Attackers trojanized Arweave's WeaveDB npm package to deploy malware", "type": "news_article", "url": "https://www.cryptopolitan.com/attackers-arweaves-weavedb-npm-malware/"},
          {"credibility": 2, "name": "BleepingComputer: New IronWorm malware hits 36 packages in npm supply-chain attack", "type": "news_article", "url": "https://www.bleepingcomputer.com/news/security/new-ironworm-malware-hits-36-packages-in-npm-supply-chain-attack/"}
        ]
      }
    ],
    "sources_used": [
      {"credibility": 2, "name": "JFrog Security Research: IronWorm: Shai-Hulud's rustier cousin", "type": "research", "url": "https://research.jfrog.com/post/iron-worm-shai-hulud-rustier-cousin/"},
      {"credibility": 2, "name": "BleepingComputer: New IronWorm malware hits 36 packages in npm supply-chain attack", "type": "news_article", "url": "https://www.bleepingcomputer.com/news/security/new-ironworm-malware-hits-36-packages-in-npm-supply-chain-attack/"},
      {"credibility": 2, "name": "The Hacker News: IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks", "type": "news_article", "url": "https://thehackernews.com/2026/06/ironworm-and-new-miasma-worm-variant.html"},
      {"credibility": 2, "name": "CryptoTimes: IronWorm Malware Targets Web3 Developers via Compromised npm Packages", "type": "news_article", "url": "https://www.cryptotimes.io/2026/06/04/ironworm-malware-targets-web3-developers-via-compromised-npm-packages/"},
      {"credibility": 2, "name": "CyberSecurityNews: IronWorm Supply Chain Attack Uses Malicious npm Packages to Steal Developer Secrets", "type": "news_article", "url": "https://cybersecuritynews.com/ironworm-supply-chain-attack-uses-malicious-npm-packages/"},
      {"credibility": 2, "name": "Phoenix Security: IronWorm (No CVE): Rust-Built npm Worm Ships an eBPF Rootkit, Tor C2, and a Self-Propagating Supply Chain Implant Across 37 Packages", "type": "research", "url": "https://phoenix.security/ironworm-npm-supply-chain-worm-rust-ebpf-rootkit-tor/"},
      {"credibility": 2, "name": "Cryptopolitan: Attackers trojanized Arweave's WeaveDB npm package to deploy malware", "type": "news_article", "url": "https://www.cryptopolitan.com/attackers-arweaves-weavedb-npm-malware/"},
      {"credibility": 2, "name": "CryptoNews.net: IronWorm malware plants rootkit in Arweave ecosystem npm libraries", "type": "news_article", "url": "https://cryptonews.net/news/security/32974831/"}
    ],
    "summary": "IronWorm is a Rust-based self-propagating malware campaign that compromised 36–37 npm packages in early June 2026 by exploiting a hijacked npm account ('asteroiddao') linked to the Arweave/WeaveDB ecosystem. The implant deploys an eBPF kernel rootkit, communicates over Tor, and includes a dedicated module targeting Exodus desktop wallet seed phrases and passwords. It self-replicates by abusing npm's Trusted Publishing flow and stolen GitHub Actions credentials to push backdated trojanized commits across at least nine GitHub organizations, making it one of the most technically sophisticated crypto-targeting supply chain attacks publicly documented to date.",
    "timeline": [
      {"date": "2026-05-14", "event": "Separate node-ipc maintainer account compromise reported, part of the broader threat landscape targeting npm maintainers.", "source": "Cryptopolitan", "source_url": "https://www.cryptopolitan.com/attackers-arweaves-weavedb-npm-malware/"},
      {"date": "2026-05-01", "event": "Mini Shai-Hulud variant discovered, described as a precursor to IronWorm within the same malware family.", "source": "CryptoTimes", "source_url": "https://www.cryptotimes.io/2026/06/04/ironworm-malware-targets-web3-developers-via-compromised-npm-packages/"},
      {"date": "2026-06-04", "event": "IronWorm publicly disclosed following SlowMist alert; malicious npm package versions detected under the 'asteroiddao' account targeting the Arweave/WeaveDB ecosystem.", "source": "CryptoTimes / BleepingComputer", "source_url": "https://www.cryptotimes.io/2026/06/04/ironworm-malware-targets-web3-developers-via-compromised-npm-packages/"},
      {"date": "2026-06-04", "event": "Malicious npm package versions (36–37 packages) marked as deprecated within approximately one day of publication.", "source": "Cryptopolitan", "source_url": "https://www.cryptopolitan.com/attackers-arweaves-weavedb-npm-malware/"},
      {"date": "2026-06-05", "event": "JFrog Security Research publishes full technical analysis of IronWorm, naming it as 'Shai-Hulud's rustier cousin,' detailing eBPF rootkit, Tor C2, Trusted Publishing abuse, and hardcoded operator wallet recovery phrase.", "source": "JFrog Security Research", "source_url": "https://research.jfrog.com/post/iron-worm-shai-hulud-rustier-cousin/"},
      {"date": "2026-06-05", "event": "BleepingComputer and The Hacker News publish coverage; The Hacker News also reports the concurrent Miasma worm variant in the same npm attack wave.", "source": "BleepingComputer / The Hacker News", "source_url": "https://thehackernews.com/2026/06/ironworm-and-new-miasma-worm-variant.html"},
      {"date": "2026-06-05", "event": "57 backdated malicious commits removed from the nine affected GitHub organizations, though some remain visible afterward.", "source": "JFrog Security Research", "source_url": "https://research.jfrog.com/post/iron-worm-shai-hulud-rustier-cousin/"}
    ]
  },
  "v": 1
}
     Verify offline (run on your own machine):
     python -m src.verify_decision 048d1685-f903-4c1a-b244-5a6c38222705
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.