Tor

supply-chain 2026-06-04
IronWorm: A Rust-Built npm Worm With an eBPF Rootkit and Tor C2
JFrog dissected IronWorm, a self-replicating npm supply-chain worm written in Rust that hides behind an eBPF kernel rootkit, beacons over Tor, and steals 86 env vars and 20+ credential files. 36 packages hit before it was caught.
supply-chain npm rust ebpf rootkit tor web3 shai-hulud

IronWorm: A Rust-Built npm Worm With an eBPF Rootkit and Tor C2