SlowMist has identified a new type of Rust supply chain malware named IronWorm, which is actively targeting developer environments and the Web3/crypto ecosystem. According to Odaily, the malware spreads through malicious npm packages and poses threats such as credential theft, wallet mnemonic and password theft, GitHub repository tampering, malicious package publishing, CI/CD key theft, Tor-based command and control, and stealthy persistence via eBPF rootkit.
SlowMist advises security teams to audit repositories for suspicious commits, branches, and build hooks, especially those under automated identities like claude, dependabot, renovate, or github-actions. They recommend removing or deprecating affected package versions, releasing clean versions, rotating all exposed keys and tokens, reviewing GitHub Actions build artifacts, and rebuilding potentially infected developer or CI systems from clean images. This threat was discovered and analyzed by JFrogSecurity.
SlowMist Detects New Rust-Based Malware Targeting Web3 Ecosystem
2026-06-04 06:53:41
Disclaimer:
1. The information provided does not constitute investment advice. Investors should make independent decisions and bear all risks themselves.
2. The copyright of this content belongs to the original author. The views expressed herein are solely those of the author and do not represent the stance or position of this website.
Next article:
Zcash区块链数小时未产出新块
