SlowMist: A new Rust supply chain malware, IronWorm, is attacking the Web3 ecosystem via npm packages.

CoinFeed reported on June 4th that, according to SlowMist monitoring, a new Rust supply chain malware campaign called IronWorm is attacking developer environments and the Web3 ecosystem through malicious npm packages. Potential attacks include credential theft, wallet mnemonic phrase and password theft, GitHub repository tampering, malicious package distribution, CI/CD confidentiality leaks, Tor-based command control, and eBPF rootkit stealth. Security teams should audit backtracking commits, suspicious branches, unexpected build hooks, and commits using automated identities such as claude, dependabot, renovate, or github-actions in repositories.