Overview
- Multiple vendors disclosed the escalation on June 5–6, 2026, reporting two concurrent campaigns that pushed malicious releases to dozens of npm packages across many versions.
- JFrog named the Rust payload IronWorm and said it runs from a preinstall hook, loads an eBPF kernel rootkit to hide itself, communicates over Tor, and harvests a wide range of secrets, including cloud keys, SSH keys, and AI‑assistant configuration files.
- Researchers identified a revived Miasma variant that abuses a 157‑byte binding.gyp file (dubbed “Phantom Gyp”) to get code executed during npm install; npm's documented default is to run node-gyp rebuild when a package ships a binding.gyp and declares no install or preinstall script, so no lifecycle script needs to appear in package.json. The loader then downloads the Bun runtime to run credential harvesters and exfiltrates the data to public GitHub repositories, which also serve as an adaptive command channel.
- Investigators say the attackers used compromised maintainer or personal GitHub accounts and abused GitHub Actions OIDC tokens together with npm's trusted publishing flow, so the poisoned releases carried valid SLSA provenance when they reached the registry.
- Registry administrators have removed many of the malicious releases. Responders advise teams to rotate any secrets that were exposed, block or disable install‑time scripts (for example with npm's ignore-scripts setting), pin dependencies with integrity hashes, and audit CI and publishing credentials, because the public release of the tooling raises the risk of copycat campaigns.
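The defensive checks recommended above (install-time scripts, integrity pinning, and the implicit binding.gyp execution path) can be turned into a lockfile audit. The script below is an added example written for this page; it is not code from JFrog, from the Miasma/IronWorm reports, or from npm. It reads a parsed package-lock.json (lockfileVersion 2 or 3) and a dependency's package.json; the package names and the sample lockfile are constructed, and the hasBindingGyp flag is assumed to be supplied by the caller after inspecting the unpacked tarball.

```javascript
// Added example, not from the advisories above or from npm itself:
// audit a package-lock.json (lockfileVersion 2/3) and a dependency's
// package.json for install-time execution and missing pinning.

const REGISTRY = "https://registry.npmjs.org/";

// Lifecycle hooks npm runs for a dependency during `npm install` / `npm ci`.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Return the install-time hooks a package.json declares. npm's documented
// default also runs `node-gyp rebuild` when binding.gyp is present and
// neither `install` nor `preinstall` is declared, so that implicit script is
// reported too. hasBindingGyp is an assumption supplied by the caller
// (e.g. from fs.existsSync on the unpacked tarball).
function installTimeHooks(pkgJson, hasBindingGyp = false) {
  const scripts = (pkgJson && pkgJson.scripts) || {};
  const hooks = INSTALL_HOOKS.filter((h) => typeof scripts[h] === "string");
  if (hasBindingGyp && !scripts.install && !scripts.preinstall) {
    hooks.push("binding.gyp (implicit node-gyp rebuild)");
  }
  return hooks;
}

// Walk the lockfile "packages" map and collect findings:
//  - hasInstallScript: npm sets this for packages that declare install hooks
//  - missing integrity: the tarball is not pinned by hash
//  - resolved outside the public registry: a mirror or direct URL
function auditLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "" || entry.link) continue; // root project / workspace link
    const name = path.replace(/^.*node_modules\//, "");
    if (entry.hasInstallScript) {
      findings.push({ name, issue: "install-time script" });
    }
    if (entry.resolved && !entry.integrity) {
      findings.push({ name, issue: "no integrity hash" });
    }
    if (entry.resolved && !entry.resolved.startsWith(REGISTRY)) {
      findings.push({ name, issue: "resolved outside registry", resolved: entry.resolved });
    }
  }
  return findings;
}

// Constructed sample lockfile; package names and hashes are hypothetical.
const SAMPLE_LOCK = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "demo-native-addon": "^1.2.0" } },
    "node_modules/demo-native-addon": {
      version: "1.2.3",
      resolved: "https://registry.npmjs.org/demo-native-addon/-/demo-native-addon-1.2.3.tgz",
      integrity: "sha512-AAAA",
      hasInstallScript: true,
    },
    "node_modules/demo-util": {
      version: "0.1.0",
      resolved: "https://registry.npmjs.org/demo-util/-/demo-util-0.1.0.tgz",
      // no integrity field: not pinned by hash
    },
    "node_modules/demo-mirror-dep": {
      version: "2.0.0",
      resolved: "https://example.invalid/mirror/demo-mirror-dep-2.0.0.tgz",
      integrity: "sha512-BBBB",
    },
  },
};

console.log(JSON.stringify(auditLockfile(SAMPLE_LOCK), null, 2));
```

Run against a real lockfile with `JSON.parse(fs.readFileSync("package-lock.json"))`. Any package flagged for an install-time script or an implicit binding.gyp build deserves a look before it is installed; setting `ignore-scripts=true` in .npmrc stops those hooks from running at all, and `npm ci` installs only what the lockfile pins and verifies the integrity hashes it carries.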