On June 3, JFrog Security Research published its analysis of IronWorm, a supply chain attack that compromised 37 npm packages through the asteroiddao account. The payload is a 976KB Rust ELF binary launched from an npm preinstall script. It was caught early, before it spread to popular packages, but the techniques are a step change from everything that came before.
Three things make IronWorm different.
1. It commits as "claude"
Every malicious commit pushed to victim repositories uses the author identity claude@users.noreply.github.com. The commit messages are routine: "fix: resolve lint warnings," "test: add missing edge case," "ci: update workflow configuration."
The timestamps are forged, some backdated by 13 years, which sinks the commits far below the recent history anyone actually reads. Git verifies none of this: the author name, the email and both the author and committer dates are whatever the committing process sets, so in a repo where AI-generated commits are common and legitimate these blend in. A developer skimming git log wouldn't notice, and a reviewer who did see a commit from "claude" might assume it came from an AI coding assistant doing its job.
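One way to audit a history for this pattern, as an added example that is not code from the JFrog report or from the IronWorm sample: it parses a tab-separated `git log` dump (the format string, the watchlist and the 30-day skew threshold are my assumptions, and the sample history is constructed) and flags commits by a watchlisted identity, commits whose author date predates the repository, commits whose author and committer dates disagree by more than a month, and commits dated earlier than their own parent. Because an assistant identity alone proves nothing in a repo where such commits are normal, the timestamp checks do the real work.

```python
"""Flag git commits whose identity or dates fit the forgery pattern above.

Added example (not from the JFrog report or the IronWorm sample). Input is
one line per commit as printed by this command (format string assumed):

  git log --all --format='%H%x09%P%x09%an%x09%ae%x09%at%x09%ct%x09%s'

i.e. sha, parent shas, author name, author email, author epoch,
committer epoch, subject, separated by tabs.
"""
from dataclasses import dataclass

# Identity named in the report. A watchlist alone is weak evidence in a repo
# where assistant-authored commits are normal; it is combined with date checks.
WATCHLIST = {"claude@users.noreply.github.com"}

# Rebases and cherry-picks move the committer date but keep the author date;
# a gap beyond this is unusual (assumed threshold).
MAX_AUTHOR_COMMITTER_SKEW = 30 * 24 * 3600


@dataclass
class Commit:
    sha: str
    parents: list[str]
    author_name: str
    author_email: str
    author_ts: int
    committer_ts: int
    subject: str


def parse_log(text: str) -> dict[str, Commit]:
    """Parse the tab-separated dump into a sha -> Commit map."""
    commits: dict[str, Commit] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        sha, parents, an, ae, at, ct, subject = line.split("\t", 6)
        commits[sha] = Commit(sha, parents.split(), an, ae, int(at), int(ct), subject)
    return commits


def audit(commits: dict[str, Commit], repo_created_ts: int) -> dict[str, list[str]]:
    """Return {sha: [reasons]} for every commit that trips at least one check."""
    findings: dict[str, list[str]] = {}
    for c in commits.values():
        reasons = []
        if c.author_email in WATCHLIST:
            reasons.append("author identity on watchlist")
        # git never verifies dates; an author date older than the repo itself
        # can only be forged.
        if c.author_ts < repo_created_ts:
            reasons.append("author date predates repository creation")
        if abs(c.committer_ts - c.author_ts) > MAX_AUTHOR_COMMITTER_SKEW:
            reasons.append("author and committer dates differ by more than 30 days")
        # A child authored before its parent is impossible in an honest history.
        for p in c.parents:
            parent = commits.get(p)
            if parent is not None and c.author_ts < parent.author_ts:
                reasons.append(f"author date earlier than parent {p[:7]}")
        if reasons:
            findings[c.sha] = reasons
    return findings


# Constructed sample history: three honest commits and one forged one that
# reuses the identity and backdates its author date to 2008 while the
# committer date says 2024.
A, B, C, D = ("a" * 40, "b" * 40, "c" * 40, "d" * 40)
REPO_CREATED_TS = 1609459200  # 2021-01-01T00:00:00Z
SAMPLE_LOG = "\n".join("\t".join(row) for row in [
    (A, "", "alice", "alice@example.com", "1609545600", "1609545600", "chore: initial commit"),
    (B, A, "bob", "bob@example.com", "1612224000", "1612224000", "feat: add parser"),
    (C, B, "claude", "claude@users.noreply.github.com", "1200000000", "1717372800",
     "fix: resolve lint warnings"),
    (D, C, "bob", "bob@example.com", "1717400000", "1717480000", "chore: bump deps"),
])


if __name__ == "__main__":
    for sha, reasons in audit(parse_log(SAMPLE_LOG), REPO_CREATED_TS).items():
        print(sha[:7], "; ".join(reasons))
```

Run against the sample, only the forged commit is reported, and on all four checks. The checks are heuristics: an attacker who sets both dates consistently and within the repo's lifetime evades the skew and creation-date checks, and only the parent-ordering check still bites. The durable control is requiring signed commits, since a forged author field cannot carry a valid signature from the impersonated key.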