
IronWorm malware hits Arweave npm packages with rootkit

Security researchers have uncovered a supply chain attack targeting the Arweave ecosystem, in which malicious code was hidden inside 36 npm packages. The incident, first identified by security firm JFrog, involves a Rust-based infostealer named IronWorm.

The attack begins when a developer installs one of the compromised packages. A preinstall hook in the package.json file executes the malware before npm even starts the installation process. Once active, IronWorm scans the infected machine for 86 environment variables and 20 credential files. It targets AWS tokens, API keys from providers like Anthropic and OpenAI, npm authentication credentials, and data from Exodus cryptocurrency wallets. SSH keys are also on its list.

The attackers took over an npm account named “asteroiddao,” which belongs to the asteroid-dao GitHub group—part of the Arweave or WeaveDB decentralized database project. All packages under this account were republished within a short period, each containing a 976 KB Linux file stored in a tools/ directory. The researchers noted that the file was packed in a way designed to evade standard unpacking tools. Inside was a large Rust binary with individually encrypted strings, making analysis more difficult. Once decoded, those strings revealed GitHub API endpoints, paths to credential files, fake bot accounts linked to real GitHub user IDs, and templates for injecting malicious code into other package registries.
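The two traits described above, a lifecycle hook that runs code at install time and a large packed binary shipped under a `tools/` directory, are both visible in an installed `node_modules` tree without executing anything. The following script is an added example written for this article, not code from JFrog or the Arweave projects; it builds a small constructed tree (one clean package, one with a `preinstall` hook and a 600 KB file under `tools/`) and reports only packages that show either trait. The 500 KB size threshold and the sample package names are assumptions.

```python
"""Audit an npm install tree for install-time hooks and large tools/ binaries.

Added example, not the page's or the project's code. It reads package.json
files under node_modules without running any of their scripts.
"""
from __future__ import annotations

import json
import tempfile
from pathlib import Path
from typing import Optional

HOOKS = ("preinstall", "install", "postinstall")
BINARY_SIZE_THRESHOLD = 500 * 1024  # assumption: flag tools/ files of 500 KB or more


def audit_package(pkg_dir: Path) -> Optional[dict]:
    """Return a finding for one package directory, or None if nothing stands out."""
    manifest = pkg_dir / "package.json"
    try:
        data = json.loads(manifest.read_text(encoding="utf-8"))
    except (OSError, ValueError):
        return None
    scripts = data.get("scripts") or {}
    hooks = {h: scripts[h] for h in HOOKS if h in scripts}
    large_tools_files = []
    tools = pkg_dir / "tools"
    if tools.is_dir():
        for f in sorted(tools.rglob("*")):
            if f.is_file() and f.stat().st_size >= BINARY_SIZE_THRESHOLD:
                large_tools_files.append(f.relative_to(pkg_dir).as_posix())
    if not hooks and not large_tools_files:
        return None
    return {
        "name": data.get("name", pkg_dir.name),
        "version": data.get("version", "?"),
        "hooks": hooks,
        "large_tools_files": large_tools_files,
    }


def audit_node_modules(root: Path) -> list:
    """Walk a node_modules tree (scoped and nested packages included)."""
    findings = []
    for manifest in root.rglob("package.json"):
        pkg_dir = manifest.parent
        parent = pkg_dir.parent
        # Only directories that npm itself installs: node_modules/<name> or
        # node_modules/@scope/<name>; skips test fixtures inside packages.
        is_pkg = parent.name == "node_modules" or (
            parent.name.startswith("@") and parent.parent.name == "node_modules"
        )
        if not is_pkg:
            continue
        finding = audit_package(pkg_dir)
        if finding:
            findings.append(finding)
    return sorted(findings, key=lambda f: f["name"])


def build_sample_tree(root: Path) -> None:
    """Constructed fixture: one clean package and one showing both traits."""
    clean = root / "clean-lib"
    clean.mkdir(parents=True)
    (clean / "package.json").write_text(json.dumps(
        {"name": "clean-lib", "version": "1.0.0", "scripts": {"test": "jest"}}))
    suspect = root / "@sample-scope" / "suspect-lib"
    (suspect / "tools").mkdir(parents=True)
    (suspect / "package.json").write_text(json.dumps({
        "name": "@sample-scope/suspect-lib", "version": "0.4.1",
        "scripts": {"preinstall": "node tools/setup.js"}}))
    (suspect / "tools" / "blob.bin").write_bytes(b"\0" * (600 * 1024))


def demo() -> list:
    """Run the audit against the constructed tree in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "node_modules"
        build_sample_tree(root)
        return audit_node_modules(root)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Run it against a real project by calling `audit_node_modules(Path("node_modules"))`; a hook alone is common for packages with native addons, so the output is a review list, not a verdict.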

How IronWorm spreads

After gathering credentials, IronWorm uses them to push commits into repositories the victim can access. Those commits plant the same malicious binary into other packages, which can then be published to npm and infect the next developer in the chain. JFrog identified 57 backdated malicious commits across nine GitHub organizations. The commits used the author name “claude” with the email [email protected]. Timestamps were forged to match each repository’s most recent legitimate commit. One appeared to date back 13 years, but GitHub Actions logs showed all pushes occurred within a few days of discovery. The affected organizations included asteroid-dao, weavedb, ArweaveOasis, and several personal accounts associated with the developer “ocrybit.”
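Because the forged commit timestamps were only exposed by comparing them with the push times recorded by GitHub, one practical check is to join git history with a push log and flag commits that land long after their recorded commit date, or that come from an author not among known contributors. The following is an added example for this article, not JFrog's tooling; the git log lines (in `git log --format='%H|%an|%ae|%cI'` shape), the push log and the contributor allowlist are all constructed, and the two-day lag threshold is an assumption.

```python
"""Flag backdated commits by comparing commit dates with push times.

Added example, not the page's or the project's code. All input below is
constructed; in practice the push log would come from GitHub's audit log
or Actions run metadata.
"""
from datetime import datetime, timedelta

# Constructed output of: git log --format='%H|%an|%ae|%cI'
GIT_LOG = """\
a1b2c3d4|build-bot|bot@example.invalid|2024-03-02T10:15:00+00:00
e5f6a7b8|Dana Dev|dana@example.org|2024-03-02T09:40:00+00:00
"""

# Constructed push log: commit sha -> time the push was received.
PUSH_LOG = {
    "a1b2c3d4": "2024-06-18T14:02:11+00:00",  # pushed months after its commit date
    "e5f6a7b8": "2024-03-02T10:20:05+00:00",  # pushed minutes after its commit date
}

KNOWN_CONTRIBUTORS = {"dana@example.org"}  # constructed allowlist


def find_backdated_commits(git_log: str, push_log: dict, known_contributors: set,
                           max_lag: timedelta = timedelta(days=2)) -> list:
    """Return one finding per suspicious commit with the reasons it was flagged."""
    findings = []
    for line in git_log.splitlines():
        if not line.strip():
            continue
        sha, author_name, author_email, committed = line.split("|", 3)
        reasons = []
        lag_days = None
        pushed_at = push_log.get(sha)
        if pushed_at is None:
            reasons.append("no push record for commit")
        else:
            lag = datetime.fromisoformat(pushed_at) - datetime.fromisoformat(committed)
            lag_days = lag.days
            if lag > max_lag:
                reasons.append(f"pushed {lag.days} days after its commit date")
        if author_email not in known_contributors:
            reasons.append("author not in known contributors")
        if reasons:
            findings.append({
                "sha": sha,
                "author": f"{author_name} <{author_email}>",
                "lag_days": lag_days,
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in find_backdated_commits(GIT_LOG, PUSH_LOG, KNOWN_CONTRIBUTORS):
        print(f)
```

A large lag on its own is not proof of tampering (rebases and long-lived branches produce it too), which is why the author check is reported alongside it rather than folded into one score.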

IronWorm also deploys an eBPF kernel rootkit to hide its presence on infected machines. Communications to its operator are routed through the Tor network. The Rust compiler left the rootkit’s source code inside the binary—an operational slip that made analysis easier for security teams. In a bizarre twist, the operator hardcoded their own cryptocurrency wallet recovery phrase into the malware. JFrog believes this was a safeguard to prevent the stealer from exfiltrating the attacker’s own credentials during testing.

Broader context and mitigations

Application security firm Ox Security said the attack was caught early, before it could spread to more packages on npm. The malicious versions were marked as deprecated within a day, and most of the backdated commits were removed from GitHub shortly after. However, this is not an isolated incident. On May 14, hackers exploited an inactive maintainer account for node-ipc, a package with more than 822,000 weekly downloads. The attackers re-registered the maintainer’s expired email domain and reset the npm password. Three compromised variants carried credential-stealing payloads aimed at over 90 categories of developer secrets.

Security firms Endor Labs and StepSecurity also identified a concurrent but distinct attack using JavaScript-based malware called binding.gyp, which performed similar registry poisoning and GitHub Actions infection during the same timeframe. Developers who installed any of the affected WeaveDB packages should rotate all credentials, check lock files for unexpected version changes, and enable two-factor authentication on both npm and GitHub accounts.
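The lock-file check recommended above can be done mechanically: npm's lockfile v2/v3 `packages` map records every installed version and marks packages that declare install scripts with `hasInstallScript`. The following added example (written for this article, not the projects' code) diffs two constructed `package-lock.json` documents and reports version changes, additions, removals and entries that gained an install script; the package names and versions are made up.

```python
"""Diff two package-lock.json (lockfile v2/v3) documents for review.

Added example, not the page's or the project's code. Both lock files below
are constructed; pass real file contents to diff_lockfiles() in practice.
"""
import json

OLD_LOCK = json.dumps({
    "name": "app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "app", "version": "1.0.0"},
        "node_modules/left-pad": {"version": "1.3.0"},
        "node_modules/@sample-scope/db-client": {"version": "0.2.0"},
        "node_modules/old-dep": {"version": "2.0.0"},
    },
})

NEW_LOCK = json.dumps({
    "name": "app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "app", "version": "1.0.0"},
        "node_modules/left-pad": {"version": "1.3.0"},
        # constructed: bumped version that now declares an install script
        "node_modules/@sample-scope/db-client": {"version": "0.2.1", "hasInstallScript": True},
        "node_modules/new-dep": {"version": "0.0.1"},
    },
})


def _installed(lock_text: str) -> dict:
    """Map package name -> entry, taking the name after the last node_modules/."""
    packages = json.loads(lock_text).get("packages", {})
    result = {}
    for key, entry in packages.items():
        if key == "":
            continue  # the root project itself
        name = key.rsplit("node_modules/", 1)[-1]
        result[name] = entry
    return result


def diff_lockfiles(old_text: str, new_text: str) -> dict:
    """Return version changes, additions, removals and new install scripts."""
    old, new = _installed(old_text), _installed(new_text)
    changed = {n: (old[n]["version"], new[n]["version"])
               for n in old.keys() & new.keys()
               if old[n].get("version") != new[n].get("version")}
    added = {n: new[n].get("version") for n in new.keys() - old.keys()}
    removed = {n: old[n].get("version") for n in old.keys() - new.keys()}
    # Packages whose new entry declares an install script but whose old entry
    # (if any) did not: exactly where an install-time hook would first appear.
    install_scripts = sorted(
        n for n, e in new.items()
        if e.get("hasInstallScript") and not old.get(n, {}).get("hasInstallScript"))
    return {"changed": changed, "added": added, "removed": removed,
            "install_scripts": install_scripts}


if __name__ == "__main__":
    print(json.dumps(diff_lockfiles(OLD_LOCK, NEW_LOCK), indent=2))
```

Running this in CI against the lock file from the last reviewed commit turns "check lock files for unexpected version changes" into a concrete list a reviewer can act on.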
