The npm ecosystem has been targeted by multiple supply chain attacks involving over 50 compromised packages. Threat actors deployed IronWorm, a Rust-based information stealer that uses eBPF kernel rootkit techniques to hide while harvesting credentials, and a new variant of the Miasma worm capable of self-propagation across developer environments.
Multiple software supply chain attacks have hit the npm ecosystem, with threat actors using both malicious and poisoned versions of over 50 legitimate packages to distribute a Rust-based information stealer and a self-spreading worm, respectively. According to JFrog, the information stealer "scrapes every secret it can find on a developer's machine, hides behind an eBPF kernel rootkit, and
Originally published at thehackernews.com
60-minute technical evaluation, no obligation. We'll map the ideas in this article to your environment.
