Skip to content

Supply Chain Attack Miasma Compromises Red Hat npm Packages

In a nutshell: Miasma exploits manipulated Red Hat npm packages to exfiltrate cloud identities and establish persistence in development and deployment systems.

A targeted supply chain attack called Miasma has infiltrated multiple official npm packages from Red Hat to steal cloud identities and distribute a self-propagating worm. The attack targets developer workstations and CI/CD pipelines.

The Miasma supply chain attack has compromised seven official npm packages from the Red Hat Cloud Services ecosystem: vulnerabilities-client, tsc-transform-imports, topological-inventory-client, sources-client, rule-components, remediations-client, and rbac-client. Security researchers from Socket, Wiz, Microsoft, JFrog, and OX Security have analyzed the attack campaign and attribute it to a broader malware wave that employs similar tactics to the earlier Shai-Hulud campaign.

The compromised packages contain an obfuscated preinstall hook that executes automatically upon installation. This hook systematically searches the system for sensitive data: GitHub Actions secrets, npm tokens, Kubernetes and Vault credentials, SSH keys, and Git login credentials. A focus lies on extracting complete cloud identities for Google Cloud Platform and Microsoft Azure. To obfuscate its activity, the malware generates an individually encrypted payload for each infection. Exfiltration occurs via HTTPS requests to legitimate endpoints such as api.anthropic.com; as a fallback, data is uploaded to specially prepared public GitHub repositories with the description “Miasma: The Spreading Blight,” whose earliest traces are dated May 29, 2026.

Following initial infection, Miasma establishes persistence mechanisms in the development environment. The malware injects a SessionStart hook into the AI development tool Anthropic Claude Code and an automated execution directive into the tasks.json file of Visual Studio Code. This causes the malware code to re-execute every time a project folder is opened. Additionally, the malware attempts to spread through GitHub pipelines by launching Docker containers with privilege escalation.

The malware scans running processes for security solutions from CrowdStrike, SentinelOne, Carbon Black, and StepSecurity before initiating destructive routines. A notable feature: execution terminates if the operating system is set to Russian. Attribution to a specific threat actor is difficult since TeamPCP has released the underlying worm tools as open source, enabling other actors to adapt these methods.


Source: www.it-daily.net · Published June 4, 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.2.9.

Share on: