Miasma Supply Chain Attack Compromises Red Hat npm Packages, Stealing Developer Credentials and Secrets

A recent supply chain attack, dubbed Miasma, has targeted Red Hat’s cloud services, compromising several npm packages to extract sensitive credentials and secrets from developer environments. This attack is part of a broader campaign known as Mini Shai-Hulud, which employs sophisticated tactics to infiltrate software supply chains.

Overview of the Miasma Attack

The Miasma campaign has reportedly exploited vulnerabilities in various @redhat-cloud-services packages, enabling attackers to deploy a self-propagating worm. This malicious software is designed to harvest credentials and other sensitive information from developer machines. The attack leverages established tactics such as install-time execution, credential harvesting, and encrypted data exfiltration.

According to Socket, a cybersecurity firm, “This is effectively a Mini Shai-Hulud campaign: it uses the same core tactics of install-time execution, credential harvesting, CI/CD targeting, encrypted exfiltration, and potential downstream propagation.” The precise identity of the attackers remains uncertain, as TeamPCP, a notorious cybercrime group, has made the tools associated with the Shai-Hulud worm publicly available. This has facilitated similar attacks by other threat actors, complicating efforts to attribute the attack definitively.

Affected Packages and Technical Details

The attack has impacted several npm packages, including:

• @redhat-cloud-services/vulnerabilities-client
• @redhat-cloud-services/tsc-transform-imports
• @redhat-cloud-services/topological-inventory-client
• @redhat-cloud-services/sources-client
• @redhat-cloud-services/rule-components
• @redhat-cloud-services/remediations-client
• @redhat-cloud-services/rbac-client

Analysis from multiple cybersecurity organizations, including Aikido Security, JFrog, and Microsoft, indicates that the compromised npm packages contain an obfuscated preinstall hook. This hook is engineered to collect a wide range of sensitive data, including GitHub Actions secrets, npm tokens, cloud credentials, Kubernetes and Vault materials, SSH keys, and Git credentials.

The malware also incorporates encrypted exfiltration logic, transmitting stolen data to “api.anthropic[.]com:443/v1/api” while using GitHub as a fallback mechanism. This dual approach highlights the attackers’ intent to not only steal credentials but also to weaponize them, further endangering the software supply chain.

Evasion Tactics and Persistence Mechanisms

Notably, the malware has been designed to avoid execution on Russian-language systems, a tactic reminiscent of previous campaigns such as GlassWorm. For npm, the payload interacts with OIDC token exchange and whoami endpoints, repackaging a tarball and signing the artifact through Sigstore. Stolen credentials are exfiltrated to public GitHub repositories, each labeled with the description “Miasma: The Spreading Blight.”

The first commit containing this phrase was identified on May 29, 2026, suggesting that the attack variant may have been active since that date or that the threat actor began testing around that time.

In terms of GitHub interactions, the malware enumerates repositories accessible to the compromised token, reads action.yml/action.yaml via GraphQL, and commits a workflow through the createCommitOnBranch mutation. This ensures that the commit appears as a verified, signed change, further complicating detection efforts.

Additional Malicious Activities

The malware also attempts privilege escalation by launching a container that bind-mounts the host’s /etc/sudoers.d, granting the CI runner passwordless sudo access. Before executing malicious actions, it checks for endpoint protection from various security solutions, including CrowdStrike and SentinelOne.

To maintain persistence, the malware injects a SessionStart hook into Anthropic Claude Code and modifies tasks.json for Microsoft Visual Studio Code projects, ensuring that it launches automatically during each session. Researchers from Wiz have noted that this variant includes new data collectors focused on cloud identities, specifically targeting GCP and Azure identities to gather all accessible identities on the infected machine.

Unlike earlier versions, this malware generates a uniquely encrypted payload for each infection, significantly complicating detection and version tracking.

Compromise and Recommendations

Evidence suggests that the initial compromise may have stemmed from a Red Hat employee’s GitHub account, which was exploited to inject the malicious payload into the affected packages. The compromised account reportedly pushed malicious orphan commits to two RedHatInsights repositories, circumventing standard code review processes.

To mitigate the impact of this attack, organizations are advised to isolate hosts that have installed the affected versions, remove the malicious packages, and rotate any exposed credentials. Additionally, it is crucial to review for signs of suspicious GitHub or npm activity and audit the environment for persistence artifacts related to configuration files.

Socket emphasizes that “because the malware includes background execution and potential developer-tool persistence mechanisms, uninstalling the npm package or deleting node_modules should not be considered sufficient cleanup.” For CI/CD systems, it is recommended to suspend affected workflow runs and invalidate any build artifacts produced during the exposure window.

For further details on the Miasma attack and its implications, refer to the original reporting source: thehackernews.com.

Keep reading for the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East.