www.darkreading.com 6/4/2026, 10:20:51 PM · external

IronWorm Rust malware steals secrets via compromised npm packages

Primary Source research.jfrog.com

A new malware campaign called 'IronWorm' is targeting the open source software ecosystem, and developers in particular, through compromised npm workflows. Written in Rust, it steals sensitive developer secrets such as API keys and SSH keys, which are then used to propagate across the software supply chain. IronWorm is compared to the previous 'Shai-Hulud' campaign because of its credential theft mechanisms and its use of a rootkit to hide malicious activity.

It has reportedly affected at least 36 npm packages with 32,000 monthly downloads before being mitigated. This incident illustrates the growing risks in software supply chains, where developers are prime targets. IronWorm is noted for its unique features and custom design, which make it harder to detect and analyze than previous malware.

Article by CyberSIXT