Cybersecurity researchers have uncovered a new software supply chain attack campaign, named Miasma, that compromised multiple npm packages linked to Red Hat cloud services in an effort to steal credentials, extract sensitive information from developer systems, and spread a self-propagating malware infection. Researchers describe the campaign as a smaller-scale variation of the previously documented Shai-Hulud worm, because it reuses many of the same tactics: install-time execution, credential harvesting, CI/CD targeting, encrypted data exfiltration, and downstream propagation through trusted software environments. The activity was identified by Socket, which stated that the campaign relied on malicious code embedded in npm packages commonly used in development workflows, creating risk for any organization that depends on open source dependencies.
Researchers said the exact threat actor behind the campaign remains unclear. Attribution has become more difficult because TeamPCP, also tracked as Replicating Marauder, TGR-CRI-1135, and UNC6780, had previously released tooling associated with the Shai-Hulud malware publicly, allowing other cybercriminals to adopt the same methods. Packages reported as compromised include @redhat-cloud-services/vulnerabilities-client, @redhat-cloud-services/tsc-transform-imports, @redhat-cloud-services/topological-inventory-client, @redhat-cloud-services/sources-client, @redhat-cloud-services/rule-components, @redhat-cloud-services/remediations-client, and @redhat-cloud-services/rbac-client. Analysis from Aikido Security, JFrog, Microsoft, OX Security, ReversingLabs, SafeDep, StepSecurity, and Wiz found that these packages contained obfuscated preinstall scripts that run automatically during npm install and are capable of harvesting GitHub Actions secrets, npm authentication tokens, cloud credentials, Kubernetes and Vault secrets, SSH keys, Git credentials, and other sensitive data stored on the infected system.
The malware exfiltrated the stolen data in encrypted form to an endpoint designed to resemble Anthropic infrastructure, with GitHub as a fallback channel. Researchers noted that it then attempted to weaponize the stolen credentials to expand the compromise further into the software supply chain by tampering with repositories and automation workflows. SafeDep reported that the payload interacted with npm identity services, repackaged software tarballs, and signed the manipulated artifacts with Sigstore so that they would appear legitimate. Investigators also found that compromised credentials were pushed to attacker-controlled public GitHub repositories carrying the description "Miasma: The Spreading Blight." According to OX Security, the earliest known commit linked to this identifier appeared on May 29, 2026, suggesting either active deployment or testing around that time. Further analysis showed the malware enumerating repositories where a stolen GitHub token had write access and modifying their workflows using verified commits, so that the changes carried a trusted signature and drew less suspicion.
Researchers further observed persistence and evasion techniques built into the malware. It reportedly checked for endpoint protection products, including CrowdStrike, SentinelOne, Carbon Black, and StepSecurity Harden Runner, before starting its activity. It also attempted privilege escalation in CI/CD systems by modifying container environments to grant passwordless administrative privileges. Persistence mechanisms included injecting startup hooks into Anthropic Claude Code and modifying Visual Studio Code project configurations so that the malware ran automatically whenever the project was opened. Wiz researchers reported that this version introduced new collectors targeting cloud identities in Google Cloud Platform and Microsoft Azure, signalling a growing interest in obtaining direct cloud access rather than only extracting stored secrets.

Evidence gathered during the investigation suggests that the compromise may have originated from a Red Hat employee GitHub account, from which malicious orphan commits were allegedly pushed to repositories without code review. Security researchers recommend isolating affected systems, rotating every credential the preinstall script could have reached, auditing workflow changes in repositories the stolen tokens could write to, removing the malicious package versions from lockfiles and caches, and reviewing any software artifacts built or published during the compromise period.

The disclosure follows a growing number of supply chain incidents affecting open source ecosystems, including attacks involving Aqua Trivy, Checkmarx KICS, Bitwarden, SAP, TanStack, GitHub, Nx Console, and the recently identified Megalodon campaign that targeted CI/CD secrets and cloud environments.