Miasma Malware Compromises Red Hat npm Packages in Evolving Supply Chain Attack


A newly identified software supply chain campaign, referred to as Miasma, represents a significant evolution of the Shai-Hulud supply chain attack. This latest threat has compromised several npm packages associated with redhat-cloud-services, enabling attackers to steal credentials, harvest sensitive information from developer systems, and propagate through development environments in a worm-like manner.

Security researchers from Socket characterize Miasma as a smaller yet highly effective successor to previous Shai-Hulud campaigns. They note that it employs many of the same tactics that have proven successful in earlier attacks against software development ecosystems.

“This is effectively a Mini Shai-Hulud campaign: it uses the same core tactics of install-time execution, credential harvesting, CI/CD targeting, encrypted exfiltration, and potential downstream propagation,” stated Socket.

Attribution Remains Unclear as TeamPCP Tools Continue to Circulate

The identity of the threat actor behind the Miasma campaign remains uncertain. A significant factor contributing to this ambiguity is the involvement of TeamPCP, a notorious cybercrime group that has previously open-sourced tools linked to the original Shai-Hulud worm. By making these resources publicly available, TeamPCP has lowered the barrier for other attackers to initiate similar operations, complicating attribution efforts.

Currently, researchers have not confidently linked the Miasma campaign to any specific actor.

Affected redhat-cloud-services Packages

The Miasma attack has targeted multiple packages published under the redhat-cloud-services namespace. The known compromised packages include:

  • @redhat-cloud-services/vulnerabilities-client
  • @redhat-cloud-services/tsc-transform-imports
  • @redhat-cloud-services/topological-inventory-client
  • @redhat-cloud-services/sources-client
  • @redhat-cloud-services/rule-components
  • @redhat-cloud-services/remediations-client
  • @redhat-cloud-services/rbac-client

The malicious code embedded within these packages is designed to execute during installation, allowing attackers to collect sensitive information from infected developer environments.

Encrypted Data Theft and GitHub-Based Propagation

Similar to earlier iterations of the Shai-Hulud attack, the Miasma malware incorporates encrypted exfiltration capabilities. Stolen information is transmitted to the endpoint “api.anthropic[.]com:443/v1/api,” while GitHub serves as a secondary communication and propagation channel.

According to Socket, the malware can commit encrypted data packages directly through GitHub’s API.

“It commits the encrypted result envelope through the GitHub API,” Socket noted. “The commit message can include: IfYouInvalidateThisTokenItWillNukeTheComputerOfTheOwner.”

Researchers from OX Security identified the first commit containing the phrase “Miasma: The Spreading Blight” on May 29, 2026. This suggests that the malware variant may have been active by that date or that attackers began testing the campaign around that time.

GitHub Abuse Enables Verified Malicious Commits

The Miasma malware actively searches for repositories where stolen GitHub tokens possess write permissions. It inspects action.yml and action.yaml files using GraphQL queries before injecting malicious workflows through GitHub’s createCommitOnBranch mutation.

This technique allows the resulting commits to appear as legitimate, verified, and signed changes, increasing the likelihood that malicious modifications will evade scrutiny.

In addition to these capabilities, the malware can perform several other actions, including:

  • Attempting privilege escalation by launching containers that bind-mount the host’s /etc/sudoers.d directory, granting passwordless sudo access to CI runners.
  • Detecting endpoint protection products such as CrowdStrike, SentinelOne, Carbon Black, and StepSecurity Harden-Runner before executing malicious activities.
  • Establishing persistence by modifying Anthropic Claude Code through a SessionStart hook.
  • Creating Visual Studio Code tasks.json files configured with "runOn": "folderOpen" to ensure automatic execution whenever a project is opened.

Red Hat GitHub Account Believed to Be Initial Entry Point

Investigators believe that the Miasma campaign originated from the compromise of a Red Hat employee’s GitHub account. Evidence indicates that this account served as the initial entry point, allowing attackers to inject malicious code into the affected redhat-cloud-services packages.

The compromised account reportedly pushed malicious orphan commits into two RedHatInsights repositories, enabling the attacker to bypass normal code review procedures and introduce the malicious payload.

Recommended Response and Remediation Steps

Security experts recommend that organizations using affected redhat-cloud-services package versions immediately isolate impacted systems and remove compromised releases. Additional recommendations include:

  • Rotating all potentially exposed credentials.
  • Reviewing GitHub and npm activity for suspicious behavior.
  • Auditing environments for persistence mechanisms.
  • Investigating modifications to configuration files, including:
    • ~/.claude/settings.json
    • .vscode/tasks.json
    • .github/workflows/codeql.yml
    • .github/setup.js
  • Enforcing stronger access controls across development environments.

Socket emphasized that merely removing the malicious package is insufficient.

“Because the malware includes background execution and potential developer-tool persistence mechanisms, uninstalling the npm package or deleting node_modules should not be considered sufficient cleanup,” Socket explained.

Organizations operating CI/CD pipelines are also urged to suspend affected workflows, invalidate any build artifacts created during the exposure period, and review whether software releases, container images, npm packages, or deployment artifacts were generated after the installation of the malicious package.
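As an added example (not code from the article, Socket, OX Security or Red Hat), the following Node.js script audits a project for the persistence indicators described above: VS Code tasks set to run on folder open, Claude Code SessionStart hooks, and the affected redhat-cloud-services packages in a lockfile. The JSON layouts of tasks.json and settings.json are assumed, and the sample project at the bottom is constructed for the demo.

```javascript
// Packages the article names as compromised (it gives no version numbers).
const AFFECTED_PACKAGES = new Set([
  "@redhat-cloud-services/vulnerabilities-client",
  "@redhat-cloud-services/tsc-transform-imports",
  "@redhat-cloud-services/topological-inventory-client",
  "@redhat-cloud-services/sources-client",
  "@redhat-cloud-services/rule-components",
  "@redhat-cloud-services/remediations-client",
  "@redhat-cloud-services/rbac-client",
]);

// Collect every "command" string nested anywhere under a parsed JSON value.
function commandsIn(value, out = []) {
  if (Array.isArray(value)) value.forEach(v => commandsIn(v, out));
  else if (value && typeof value === "object") {
    if (typeof value.command === "string") out.push(value.command);
    Object.values(value).forEach(v => commandsIn(v, out));
  }
  return out;
}

// Each check receives the parsed file and returns human-readable findings.
const CHECKS = {
  // VS Code runs tasks marked "runOn": "folderOpen" as soon as the folder opens.
  ".vscode/tasks.json": doc => (doc.tasks || [])
    .filter(t => t.runOptions && t.runOptions.runOn === "folderOpen")
    .map(t => `tasks.json: task "${t.label}" auto-runs on folder open: ${t.command}`),
  // Claude Code SessionStart hooks run a command whenever a session begins (layout assumed).
  "~/.claude/settings.json": doc => commandsIn((doc.hooks || {}).SessionStart || [])
    .map(c => `settings.json: SessionStart hook runs: ${c}`),
  // Any affected package in the lockfile is flagged, whatever its version.
  "package-lock.json": doc => [...new Set(Object.keys(doc.packages || {})
    .map(k => k.replace(/^.*node_modules\//, "")))]
    .filter(n => AFFECTED_PACKAGES.has(n))
    .map(n => `package-lock.json: affected package present: ${n}`),
};

// files: map of path -> raw contents. Missing files are skipped; a file that
// is not valid JSON is itself a finding rather than a silent pass.
function auditProject(files) {
  return Object.entries(CHECKS).flatMap(([p, check]) => {
    if (!(p in files)) return [];
    try { return check(JSON.parse(files[p])); }
    catch { return [`${p}: not valid JSON, inspect manually`]; }
  });
}

// Constructed sample project (not real Miasma content) to show the output.
const SAMPLE = {
  ".vscode/tasks.json": JSON.stringify({ tasks: [{ label: "setup", command: "node .github/setup.js", runOptions: { runOn: "folderOpen" } }] }),
  "package-lock.json": JSON.stringify({ packages: { "": {}, "node_modules/@redhat-cloud-services/rbac-client": {} } }),
};
console.log(auditProject(SAMPLE));
```

In a real audit, replace SAMPLE with the contents read from the developer machine and CI runner images, and treat any finding as a trigger for the credential rotation and artifact review steps listed above.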

For further details on the Miasma campaign, visit thecyberexpress.com.
