Open source software developers continue to come under attack. The latest threat is custom malware that shares many of the attributes of the notorious Shai-Hulud self-propagating worm but adds functions that make it harder for defenders to detect and to reverse engineer.
Dubbed “IronWorm,” the infostealer is written in Rust and targets developers, both conventional software developers and those working on cryptocurrency and Web3 projects, through malicious npm packages, according to researchers with JFrog Security. It self-replicates across the software supply chain by stealing credentials, pushing commits to victims’ GitHub repositories, and then automatically publishing new malicious versions of their packages to the npm registry.
“The fact that every npm package belonging to the compromised account was republished with a malicious version strongly suggested that the malware had an automated way to publish packages on behalf of its victims,” the researchers wrote in a report. “The code confirmed it.”
It steals a broad range of developer secrets, including cloud credentials, npm publishing tokens, and API and SSH keys. It looks for them in just about every major platform that developers use, from cloud providers and object storage to databases, CI/CD systems, Kubernetes, and messaging platforms. It also targets AI and machine learning API keys from players like OpenAI, Google Gemini, Anthropic, Mistral, and Groq.
Two Payloads
IronWorm uses Tor-based command-and-control (C2) infrastructure for communications and carries two payloads for different repository structures, each using a different identity to blend in.
“If the repository shipped a package – npm, PyPI, Cargo, Conan, or vcpkg (C++) – the malware took a more direct route: it dropped a binary into the project and modified the build system to execute it,” the researchers wrote, noting that this was what they saw in the wild. “If the repository already had GitHub Actions workflows, the malware had a second, nastier option: it did not add a new file, but replaced an existing one – swapping a real workflow for a secret-exfiltration job.”
They also pointed to the malware’s use of an eBPF kernel rootkit to hide itself, calling it a “standout feature” of the threat.
eBPF Used for Good and Bad
“On modern Linux systems, eBPF gives code unusually deep visibility into system activity and, in the wrong hands, a place to hide,” the researchers wrote. “The same technology used for observability and security tooling can also be abused to intercept events, manipulate what monitoring tools see, and conceal the malware’s own operations from defenders.”
They uncovered IronWorm while reviewing npm packages published by a particular account that was tied to a GitHub organization. What piqued their interest was that every one of the account’s packages had been republished inside a particular narrow window, with each new version shipping a native binary that ran from an install hook.
“That was enough to make us look closer,” they wrote, adding that the “packages were nearly identical.”
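The two signals described above, a native binary executed from an npm install hook and an account whose packages were all republished inside a narrow window, can be turned into a simple triage check. The following Python is an added example, not JFrog’s tooling or anything from the campaign itself; the package metadata, file contents and publish times are constructed, and the six-hour window and 75 percent threshold are assumptions a defender would tune to their own registry data.

```python
import re
from datetime import datetime, timedelta

# Lifecycle scripts that npm runs automatically during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Leading bytes of native executables: ELF, Windows PE, Mach-O (64-bit, both byte orders).
NATIVE_MAGIC = (b"\x7fELF", b"MZ", b"\xcf\xfa\xed\xfe", b"\xfe\xed\xfa\xcf")

# Words of a shell one-liner, with ";", "&&" and "|" treated as separators.
_WORD = re.compile(r"[^\s;&|]+")


def is_native(blob: bytes) -> bool:
    """True if the bytes start like a native executable rather than a script."""
    return any(blob.startswith(magic) for magic in NATIVE_MAGIC)


def suspicious_install_hooks(package_json: dict, files: dict) -> list:
    """Return (hook, path) for each install-time script that executes a file
    bundled in the package whose contents look native. `files` maps
    package-relative paths to their leading bytes (e.g. read from the tarball)."""
    findings = []
    for hook in INSTALL_HOOKS:
        script = package_json.get("scripts", {}).get(hook)
        if not script:
            continue
        seen = set()
        for word in _WORD.findall(script):
            path = word[2:] if word.startswith("./") else word
            blob = files.get(path)
            if blob is not None and is_native(blob) and path not in seen:
                seen.add(path)
                findings.append((hook, path))
    return findings


def republish_cluster(latest_publish: dict, window: timedelta = timedelta(hours=6)) -> list:
    """Given {package: ISO-8601 publish time of its latest version} for one
    maintainer, return the largest set of packages whose latest versions were
    all published within `window` of each other."""
    items = sorted((datetime.fromisoformat(t), name) for name, t in latest_publish.items())
    best = []
    for start, _ in items:
        cluster = [name for t, name in items if start <= t <= start + window]
        if len(cluster) > len(best):
            best = cluster
    return sorted(best)


def audit_account(latest_publish: dict, packages: dict,
                  window: timedelta = timedelta(hours=6), min_share: float = 0.75) -> list:
    """Combine both signals: a republish burst covering at least `min_share` of the
    account's packages, narrowed to those whose new version runs a bundled native
    binary from an install hook. `packages` maps name -> (package_json, files)."""
    cluster = republish_cluster(latest_publish, window)
    if not cluster or len(cluster) < min_share * len(latest_publish):
        return []
    return [name for name in cluster
            if name in packages and suspicious_install_hooks(*packages[name])]


# --- Constructed sample data (not real registry records or package contents) ---
MALICIOUS_PACKAGE_JSON = {
    "name": "widget-core",
    "version": "2.3.1",
    "scripts": {"postinstall": "chmod +x ./setup-native && ./setup-native", "test": "jest"},
}
MALICIOUS_FILES = {
    "index.js": b"module.exports = require('./lib');",
    "setup-native": b"\x7fELF\x02\x01\x01\x00\x00\x00",   # ELF header bytes
}
BENIGN_PACKAGE_JSON = {
    "name": "widget-docs",
    "version": "1.0.0",
    "scripts": {"postinstall": "node scripts/patch.js"},
}
BENIGN_FILES = {"scripts/patch.js": b"console.log('patched');"}

# Three of the four packages were republished within minutes; one was not touched.
SAMPLE_LATEST_PUBLISH = {
    "widget-core":  "2025-01-10T03:12:00+00:00",
    "widget-cli":   "2025-01-10T03:14:30+00:00",
    "widget-utils": "2025-01-10T03:15:05+00:00",
    "widget-docs":  "2024-07-22T09:00:00+00:00",
}
SAMPLE_PACKAGES = {
    "widget-core":  (MALICIOUS_PACKAGE_JSON, MALICIOUS_FILES),
    "widget-cli":   (MALICIOUS_PACKAGE_JSON, MALICIOUS_FILES),
    "widget-utils": (MALICIOUS_PACKAGE_JSON, MALICIOUS_FILES),
    "widget-docs":  (BENIGN_PACKAGE_JSON, BENIGN_FILES),
}

if __name__ == "__main__":
    print("republish cluster:", republish_cluster(SAMPLE_LATEST_PUBLISH))
    print("native install hooks:", suspicious_install_hooks(MALICIOUS_PACKAGE_JSON, MALICIOUS_FILES))
    print("flagged packages:", audit_account(SAMPLE_LATEST_PUBLISH, SAMPLE_PACKAGES))
```

Either signal alone produces noise: legitimate maintainers do bulk-release a monorepo, and some packages legitimately run a prebuilt binary on install. The combination, a burst of republished versions that each introduce a native install hook, is the pattern the researchers describe, which is why the audit only flags packages that match both.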
Similar But Different
The threat group TeamPCP has used Shai-Hulud for several months in campaigns targeting developers and the software supply chain. Last month, the group put the worm’s source code into a GitHub repository, enabling other attackers to create their own variants; multiple such clones, like the Miasma malware, have since been found in the wild, according to Datadog analysts.
However, while they didn’t say IronWorm was such a clone, the JFrog researchers noted some similarities to Shai-Hulud. That said, they wrote that what they were looking at was a “custom, carefully built implant from an operation with its own infrastructure and the patience to use it quietly.”
Like Shai-Hulud, it compromises developers, steals credentials, and uses trusted supply-chain workflows to spread. It also uses the same commit names as Shai-Hulud.
“But it takes the same concept to the next level,” they added. “It makes defenders’ lives harder on several fronts at once: Rust code that is painful to reverse engineer, string [encryption with a unique key at every call site] obfuscation, a modified UPX packer, Tor-based C2, an eBPF rootkit.”
A Work in Progress
They also saw that the malware’s BPF object had been compiled with debug metadata, leaving recoverable source lines behind, and found 57 back-dated malicious commits across nine organizations. The operator even hardcoded their own crypto wallet’s recovery phrase into the malware’s skip list so the stealer would leave it alone.
Researchers with Ox Security wrote that IronWorm infected 36 unique packages, and that while those affected generated a combined 32,177 monthly downloads, IronWorm was mitigated before the infection spread too widely.
Despite what they found, the JFrog researchers wrote that IronWorm “still looks like a work in progress. Some parts are carefully engineered, but others are surprisingly careless. The BPF object still contains debug metadata and recoverable source lines, and the operator even hardcoded a wallet recovery phrase into the malware’s skip list. These mistakes gave us a rare look into how the implant works. In other words, this may not be the final form of the campaign, it may be the rehearsal.”

