{"campaign":{"name":"IronWorm","slug":"ironworm","href":"/ti/campaigns/ironworm","description":"Rust-built infostealer npm supply chain worm, identified by JFrog Security Research on 2026-06-03 as an evolved variant of the Shai-Hulud worm family. Distributed via npm packages published from the compromised `asteroiddao` account (43 packages), it targets the Arweave/WeaveDB decentralized-database and broader Web3/crypto developer ecosystem. The malicious install hook drops a ~976 KB Rust ELF (`tools/setup`, UPX-packed with overwritten magic) that harvests ~86 environment variables and 20+ credential file paths (cloud, AI API keys, SCM/registry/CI tokens, Kubernetes/Vault secrets), captures Exodus desktop wallet seed phrases, ships an eBPF kernel rootkit for process/socket hiding and anti-debugging, beacons to a Tor hidden service (/api/agent) with temp.sh fallback exfil, and self-republishes via npm OIDC Trusted Publishing. Code paths targeting PyPI, Cargo, Conan and vcpkg credentials/registries were also present. Shares Shai-Hulud tradecraft (claude@ commit spoofing, dependency-tooling masquerade, supply-chain self-propagation) but escalates to a custom native implant.","objective":"Harvest developer, cloud, AI, registry, CI/CD and crypto-wallet credentials from Web3/crypto (Arweave/WeaveDB) developers and self-propagate across npm via OIDC Trusted Publishing.","aliases":["Iron Worm"],"discovered_at":"2026-06-03"},
"packages":[
{"ecosystem":"npm","name":"weavedb-sdk","href":"/ti/packages/npm/weavedb-sdk","threat_types":["credential_stealer","worm","crypto_drainer","data_exfiltration","persistence","c2_agent"],"versions":["0.45.3"]},
{"ecosystem":"npm","name":"weavedb-lite","href":"/ti/packages/npm/weavedb-lite","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.1.1"]},
{"ecosystem":"npm","name":"weavedb-sdk-base","href":"/ti/packages/npm/weavedb-sdk-base","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.21.1"]},
{"ecosystem":"npm","name":"test-weavedb-sdk","href":"/ti/packages/npm/test-weavedb-sdk","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["1.1.1"]},
{"ecosystem":"npm","name":"weavedb-warp-contracts-plugin-deploy","href":"/ti/packages/npm/weavedb-warp-contracts-plugin-deploy","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["1.0.11"]},
{"ecosystem":"npm","name":"arnext-arkb","href":"/ti/packages/npm/arnext-arkb","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.0.2"]},
{"ecosystem":"npm","name":"weavedb-console","href":"/ti/packages/npm/weavedb-console","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.2.1"]},
{"ecosystem":"npm","name":"arnext","href":"/ti/packages/npm/arnext","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.1.5"]},
{"ecosystem":"npm","name":"roidjs","href":"/ti/packages/npm/roidjs","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":
["0.1.7"]},
{"ecosystem":"npm","name":"weavedb-exm-sdk","href":"/ti/packages/npm/weavedb-exm-sdk","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.7.4"]},
{"ecosystem":"npm","name":"create-arnext-app","href":"/ti/packages/npm/create-arnext-app","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.0.10"]},
{"ecosystem":"npm","name":"weavedb-tools","href":"/ti/packages/npm/weavedb-tools","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.45.3"]},
{"ecosystem":"npm","name":"wdb-core","href":"/ti/packages/npm/wdb-core","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.1.2"]},
{"ecosystem":"npm","name":"cwao-tools","href":"/ti/packages/npm/cwao-tools","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.3.1"]},
{"ecosystem":"npm","name":"test-ajs","href":"/ti/packages/npm/test-ajs","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.1.19"]},
{"ecosystem":"npm","name":"monade","href":"/ti/packages/npm/monade","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.0.7"]},
{"ecosystem":"npm","name":"weavedb-exm-sdk-web","href":"/ti/packages/npm/weavedb-exm-sdk-web","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.7.4"]},
{"ecosystem":"npm","name":"testnpmnmp","href":"/ti/packages/npm/testnpmnmp","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["1.0.21"]},
{"ecosystem":"npm","name":"warp-contracts-plugin-deploy-test","href":"/ti/packages/npm/warp-contracts-plugin-deploy-test","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["3.0.1"]},
{"ecosystem":"npm","name":"wdb-cli","href":"/ti/packages/npm/wdb-cli","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.1.1"]},
{"ecosystem":"npm","name":"ai3","href":"/ti/packages/npm/ai3","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.3.5"]},
{"ecosystem":"npm","name":"cwao-units","href":"/ti/packages/npm/cwao-units","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.8.3"]},
{"ecosystem":"npm","name":"atomic-notes","href":"/ti/packages/npm/atomic-notes","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.5.3"]},
{"ecosystem":"npm","name":"cwao","href":"/ti/packages/npm/cwao","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.5.6"]},
{"ecosystem":"npm","name":"weavedb-client","href":"/ti/packages/npm/weavedb-client","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.45.3"]},
{"ecosystem":"npm","name":"wdb-sdk","href":"/ti/packages/npm/wdb-sdk","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.1.2"]},
{"ecosystem":"npm","name":"weavedb-offchain","href":"/ti/packages/npm/weavedb-offchain","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.45.4"]},
{"ecosystem":"npm","name":"fpjson-lang","href":"/ti/packages/npm/fpjson-lang","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.1.7"]},
{"ecosystem":"npm","name":"weavedb-contracts","href":"/ti/packages/npm/weavedb-contracts","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.45.2"]},
{"ecosystem":"npm","name":"weavedb-node-client","href":"/ti/packages/npm/weavedb-node-client","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.45.3"]},
{"ecosystem":"npm","name":"arjson","href":"/ti/packages/npm/arjson","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.1.4"]},
{"ecosystem":"npm","name":"hbsig","href":"/ti/packages/npm/hbsig","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.3.2"]},
{"ecosystem":"npm","name":"zkjson","href":"/ti/packages/npm/zkjson","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.8.5"
]},
{"ecosystem":"npm","name":"aonote","href":"/ti/packages/npm/aonote","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.11.1"]},
{"ecosystem":"npm","name":"weavedb-base","href":"/ti/packages/npm/weavedb-base","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.45.3"]},
{"ecosystem":"npm","name":"weavedb-sdk-node","href":"/ti/packages/npm/weavedb-sdk-node","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.45.3"]},
{"ecosystem":"npm","name":"wao","href":"/ti/packages/npm/wao","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.41.2"]}
],
"indicators":[
{"kind":"github_repo","value":"asteroid-dao/eternal-storage","href":"/ti/ioc/github_repo/github_repo-8791fd799b8f","context":"Victim GitHub repo poisoned by IronWorm. Malicious commit SHA a8f0c75a77698759413dbadcb99b62709816ed42 (backdated, spoofed claude author)."},
{"kind":"github_repo","value":"asteroid-dao/asteroid-protocol","href":"/ti/ioc/github_repo/github_repo-da1dce5360f1","context":"Victim GitHub repo poisoned by IronWorm. Malicious commit SHA 5d7c93caf50a447a8d48cafe2e5cff6b47618b13."},
{"kind":"github_repo","value":"alisista/aht-testnet","href":"/ti/ioc/github_repo/github_repo-cf1ffc3c8ced","context":"Victim GitHub repo poisoned by IronWorm. Malicious commit SHA 10c619e75181d07ddcccb5c1f62766c85fef08df."},
{"kind":"github_repo","value":"ocrybit/mweb3waves","href":"/ti/ioc/github_repo/github_repo-e989fd3a0454","context":"Victim GitHub repo (compromised account ocrybit) poisoned by IronWorm. Malicious commit SHA 0fe6a098fe698e586188e0f2e851ef43f1a35958."},
{"kind":"github_repo","value":"ocrybit/by-coffeescript","href":"/ti/ioc/github_repo/github_repo-f8dec39ca7bc","context":"Victim GitHub repo (compromised account ocrybit) poisoned by IronWorm. Malicious commit SHA fd64413119575fa119eaa9f94d32208c7d916796."},
{"kind":"file_path","value":"tools/setup","href":"/ti/ioc/file_path/file_path-a3dec2550575","context":"~976 KB UPX-packed Rust ELF infostealer binary dropped inside the malicious npm tarball; invoked by the package.json preinstall hook (preinstall: ./tools/setup)."},
{"kind":"file_path","value":".github/scripts/precheck","href":"/ti/ioc/file_path/file_path-5a0085c54ae6","context":"Alternate in-repo path for the IronWorm Rust binary dropper, committed under the spoofed claude author identity."},
{"kind":"file_path","value":"q2.bpf.c","href":"/ti/ioc/file_path/file_path-79ddd9e3946a","context":"eBPF rootkit component source filename recovered from .BTF.ext debug metadata left in the embedded ELF object (214 verbatim source lines). Provides process hiding (/proc rewriting), TCP socket hiding (netlink filtering), and anti-debugging (ptrace interception, SIGKILL)."},
{"kind":"url","value":"tor://api/agent","href":"/ti/ioc/url/url-22fc577bf3e0","context":"Primary C2 beacon path /api/agent served over a Tor hidden service (.onion address not published by the researcher). Provides remote shell plus file download/execute. Tor reached via custom torrc + downloaded Tor expert bundle."},
{"kind":"url","value":"https://temp.sh","href":"/ti/ioc/url/url-0c6e64b7ce44","context":"Fallback exfiltration host (public file-sharing service), reached over Tor when the primary Tor hidden-service C2 is unavailable."},
{"kind":"url","value":"http://127.0.0.1:8738","href":"/ti/ioc/url/url-826c7261870d","context":"Local loopback HTTP listener used to capture wallet credential POSTs (Exodus desktop wallet password + BIP-39 seed mnemonic injected from the browser/app)."},
{"kind":"url","value":"https://registry.npmjs.org/-/npm/v1/oidc/token/exchange/package","href":"/ti/ioc/url/url-9e57ef0cdfb1","context":"npm OIDC Trusted Publishing token-exchange endpoint abused for self-replication: mints a package-scoped automation token without stored credentials, then republishes trojanized versions."},
{"kind":"wallet","value":"0x7e28D9889f414B06c19a22A9Bd316f0AC279a4d6","href":"/ti/ioc/wallet/0x7e28D9889f414B06c19a22A9Bd316f0AC279a4d6","context":"Operator's own Ethereum wallet, derived from a hardcoded BIP-39 recovery phrase ('bench crane defense corn wheel trial news abuse finish better paddle slush') left inside the binary and present in the malware's wallet skip-list. Near-empty test wallet; an OPSEC failure that aids attribution."},
{"kind":"email","value":"claude@users.noreply.github.com","href":"/ti/ioc/email/claude@users.noreply.github.com","context":"Spoofed git commit author identity used to plant the binary dropper and blend with AI-assistant automation. Also seen across the Shai-Hulud / Mini Shai-Hulud worm family."}
],
"ttps":[
{"name":"Compromise Software Supply Chain","mitre_attack_id":"T1195.002","href":"/ti/ttps/T1195.002"},
{"name":"Obfuscated Files or Information","mitre_attack_id":"T1027","href":"/ti/ttps/T1027"},
{"name":"Deobfuscate/Decode Files or Information","mitre_attack_id":"T1140","href":"/ti/ttps/T1140"},
{"name":"Unsecured Credentials: Credentials In Files","mitre_attack_id":"T1552.001","href":"/ti/ttps/T1552.001"},
{"name":"Unsecured Credentials: Cloud Instance Metadata API","mitre_attack_id":"T1552.005","href":"/ti/ttps/T1552.005"},
{"name":"Steal Application Access Token","mitre_attack_id":"T1528","href":"/ti/ttps/T1528"},
{"name":"Valid Accounts","mitre_attack_id":"T1078","href":"/ti/ttps/T1078"},
{"name":"Exfiltration Over C2 Channel","mitre_attack_id":"T1041","href":"/ti/ttps/T1041"},
{"name":"Proxy: Multi-hop Proxy","mitre_attack_id":"T1090.003","href":"/ti/ttps/T1090.003"},
{"name":"Rootkit","mitre_attack_id":"T1014","href":"/ti/ttps/T1014"},
{"name":"Hide Artifacts","mitre_attack_id":"T1564","href":"/ti/ttps/T1564"},
{"name":"Impair Defenses: Disable or Modify Tools","mitre_attack_id":"T1562.001","href":"/ti/ttps/T1562.001"},
{"name":"Debugger Evasion","mitre_attack_id":"T1622","href":"/ti/ttps/T1622"},
{"name":"Account Manipulation","mitre_attack_id":"T1098","href":"/ti/ttps/T1098"},
{"name":"Masquerading","mitre_attack_id":"T1036","href":"/ti/ttps/T1036"},
{"name":"Boot or Logon Autostart Execution: XDG Autostart Entries","mitre_attack_id":"T1547.013","href":"/ti/ttps/T1547.013"},
{"name":"Input Capture: Keylogging","mitre_attack_id":"T1056.001","href":"/ti/ttps/T1056.001"}
],
"related_campaigns":[{"name":"Shai-Hulud","slug":"shai-hulud","href":"/ti/campaigns/shai-hulud","relationship":"variant-of"}],
"reports":[{"title":"Iron Worm — Shai-Hulud's rustier cousin","url":"https://research.jfrog.com/post/iron-worm-shai-hulud-rustier-cousin/","published_at":"2026-06-03"}]}