Asteroiddao hit by network compromise
Incident
Summary
Hide ▲
Show ▼
asteroiddao suffered a compromised-account incident that let malicious npm package versions and repository commits seed a wider supply-chain attack. The account was used to publish packages carrying a Rust ELF binary executed via preinstall. That compromise matters because it turned a trusted publishing identity into an infection path for developers and CI systems consuming npm packages.
Related Happenings
AsyncAPI malicious npm package supply-chain malware
Malware Activity
H score21
First: 15.07.2026 18:37
Last: 15.07.2026 18:37
Sources 1
About this happening:
Malicious AsyncAPI npm releases pushed a remote access trojan and info-stealing payload into packages with more than 2.25 million weekly downloads, putting downstr...
AsyncAPI malicious npm package supply-chain malware
Malware ActivityAbout this happening: Malicious AsyncAPI npm releases pushed a remote access trojan and info-stealing payload into packages with more than 2.25 million weekly downloads, putting downstr...
AsyncAPI repositories and npm publishing workflow hit by network compromise
Incident
H score27
First: 15.07.2026 12:16
Last: 15.07.2026 12:16
Sources 1
About this happening:
The AsyncAPI npm publishing pipeline was compromised in a July 14 supply-chain attack that used the project’s normal GitHub Actions release path to publish trojani...
AsyncAPI repositories and npm publishing workflow hit by network compromise
IncidentAbout this happening: The AsyncAPI npm publishing pipeline was compromised in a July 14 supply-chain attack that used the project’s normal GitHub Actions release path to publish trojani...
Jscrambler hit by network compromise
Incident
H score15
First: 13.07.2026 22:44
Last: 13.07.2026 22:44
Sources 1
About this happening:
The Jscrambler npm package suffered an unauthorized publication of a malicious version that exposed developers to infostealer theft risk. The bad release stayed li...
Jscrambler hit by network compromise
IncidentAbout this happening: The Jscrambler npm package suffered an unauthorized publication of a malicious version that exposed developers to infostealer theft risk. The bad release stayed li...
@Injectivelabs/[email protected] wallet-stealing package
Malware Activity
H score30
First: 10.07.2026 20:29
Last: 10.07.2026 20:29
Sources 1
About this happening:
The malicious @injectivelabs/[email protected] package is a wallet-stealing malware activity that can expose private keys and mnemonic seed phrases when library functions...
@Injectivelabs/[email protected] wallet-stealing package
Malware ActivityAbout this happening: The malicious @injectivelabs/[email protected] package is a wallet-stealing malware activity that can expose private keys and mnemonic seed phrases when library functions...
OpenMandriva Linux project hit by cyberattack
Incident
H score32
First: 10.07.2026 01:14
Last: 10.07.2026 01:14
Sources 1
About this happening:
The OpenMandriva Linux project is recovering from an attempted internal sabotage that deleted repositories and published an empty package that could have damaged user...
OpenMandriva Linux project hit by cyberattack
IncidentAbout this happening: The OpenMandriva Linux project is recovering from an attempted internal sabotage that deleted repositories and published an empty package that could have damaged user...
Timeline
-
04.06.2026 18:25 2 articles · 1mo ago
IronWorm infects 36 npm packages in a supply-chain attack
Initial DisclosureA supply-chain attack on the Node Package Manager (npm) index infected 36 packages with IronWorm, a Rust-based infostealer that targets 86 environment variables and 20 credential files, hides behind an eBPF kernel rootkit, and communicates over Tor. The attack began from a compromised account named asteroiddao that published malicious package versions and pushed commits, using preinstall execution to seed trojanized releases that could steal credentials and self-propagate through npm. The campaign was detected very early and stopped before it spread to more popular packages on npm.
Show sources
- New IronWorm malware hits 36 packages in npm supply-chain attack — www.bleepingcomputer.com — 04.06.2026 18:25
- New IronWorm malware hits 36 packages in npm supply-chain attack — www.bleepingcomputer.com — 04.06.2026 18:25