New IronWorm malware hits 36 packages in npm supply-chain attack
ID: df27bc97-aa91-56bb-9273-60d436d2d34b
STIX ID: report--df27bc97-aa91-56bb-9273-60d436d2d34b
Feed Name: Bleeping Computer
A newly observed supply-chain campaign involving a Rust-based infostealer called IronWorm has infected 36 npm packages. The malware uses an eBPF kernel rootkit, communicates over Tor, steals a wide range of environment variables and credential files (including cloud and developer secrets), and self-propagates by publishing trojanized packages with stolen npm credentials; researchers recommend upgrading affected packages, rotating keys, and enabling 2FA.
