Rust infostealer hits npm packages, hides in eBPF rootkit
A 976 KB Rust payload hid in npm packages, ran on npm install, and used stolen CI credentials to push itself through GitHub and npm.

A Rust-built infostealer turned routine npm installs into a delivery mechanism, hiding inside more than 30 packages and executing before dependency resolution ever finished. The payload sat behind a preinstall hook, buried in a tarball that looked like ordinary package content until the malicious 976 KB Linux ELF binary was uncovered in a tools directory.
JFrog Security Research said the campaign, which it publicly dated to June 3, 2026, began with npm packages published through the asteroiddao account tied to the asteroid-dao GitHub organization in the Arweave and WeaveDB ecosystem. In the sample JFrog analyzed, the package was weavedb-sdk@0.45.3. Once installed, the binary reached out through Tor, scraped secrets from the host, and deployed an eBPF kernel rootkit to stay hidden while it worked.

That is what makes the malware, tracked as IronWorm, different from the usual package-script mess: a malicious shell snippet is easier to spot than a compiled binary tucked into a dependency tree. JFrog described the malware as a heavy infostealer that hunted every secret it could find on a developer machine, then used the stolen credentials to commit itself into victims’ GitHub repositories and keep spreading through trusted developer workflows. JFrog said the malicious versions were marked deprecated within about a day, and most of the malicious GitHub commits were later removed.
The blast radius widened fast. SC Media reported 57 malicious commits across nine organizations and said the malware targeted 86 environment variables, including cloud, database, package-registry, CI/CD, Vault, Kubernetes, messaging, AI-service credentials, and Exodus wallet data. OX Security put the package count at 36 infected npm packages with 32,177 combined monthly downloads and 148,724 total lifetime downloads. For Rust developers who also touch JavaScript tooling, CI, or AI-keyed side projects, that combination is the warning sign: one compromised install path can expose everything from build secrets to model API keys.
The propagation trick matters just as much as the payload. npm Trusted Publishing replaces long-lived npm tokens with OIDC-based trust between the registry and CI/CD providers such as GitHub Actions and GitLab CI/CD, which is meant to reduce credential exposure. IronWorm abused that same workflow by stealing CI credentials and using them to publish onward, turning a security feature into a spread path. The practical response starts with the workflows already in hand: inspect preinstall and postinstall hooks, flag any package that drops downloaded binaries into tools or similar directories, lock down environment variables that hold cloud, registry, wallet, or AI keys, and isolate build jobs so a compromised runner cannot publish back into the registry.
This article was produced by Prism’s automated news system from verified source data, official records, and press releases, then run through automated quality and moderation checks before publishing. The system is built and supervised by the people who set the standards it runs under.
