Bright Nexus

Published on June 2, 2026

Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm

Severity

High

Detail

A highly sophisticated supply chain campaign, codenamed Miasma, has compromised several official @redhat-cloud-services npm packages. This variant of the Mini Shai Hulud malware is designed to harvest sensitive cloud, CI/CD, and developer credentials while deploying a self propagating worm across developer environments. The initial compromise was traced to an infostealer infection affecting a Red Hat employee’s GitHub account. The attacker subsequently pushed malicious orphan commits directly into two RedHatInsights repositories, bypassing standard code review and security controls.

The techniques used in this campaign closely resemble previous Shai Hulud worm operations, including install time execution, encrypted data exfiltration, and downstream propagation. Although TeamPCP, also known as Replicating Marauder, TGR CRI 1135, and UNC6780, previously released similar tooling publicly, making definitive attribution difficult, the Miasma variant introduces several notable enhancements. Among the observed changes are a language-based execution check that prevents operation on Russian language systems, a behavior previously associated with GlassWorm campaigns, and a mechanism that generates a uniquely encrypted payload for each infection. These modifications significantly reduce the effectiveness of traditional signature-based detection methods.

How?

The malicious npm packages contain an obfuscated preinstall hook that executes automatically during package installation. Once activated, the malware performs extensive host reconnaissance and collects GitHub Actions secrets, npm tokens, cloud credentials, Kubernetes and Vault secrets, SSH keys, and Git credentials. Additional collection capabilities targeting Google Cloud Platform and Microsoft Azure environments have also been identified.

Data exfiltration is performed through encrypted network communications directed to api.anthropic[.]com. If direct network exfiltration is unsuccessful, the malware falls back to GitHub API abuse by creating public repositories containing the phrase “Miasma: The Spreading Blight” and transferring encrypted data through commit operations designed to resemble legitimate signed commits.

Several advanced techniques are employed to improve persistence and evade detection:

  • EDR Evasion: Detection checks are performed for security products such as CrowdStrike, SentinelOne, Carbon Black, and StepSecurity Harden Runner before malicious activities begin.
  • Privilege Escalation: A container is launched with a bind mount to the host /etc/sudoers.d directory, enabling passwordless sudo privileges for the CI runner.
  • Developer Tool Persistence: Malicious configuration changes are injected into Anthropic Claude Code through the ~/.claude/settings.json file. Additional persistence is established through a VS Code tasks.json configuration that executes automatically when a project folder is opened.

Affected Packages

The following @redhat-cloud-services npm packages have been confirmed as affected:

  • @redhat-cloud-services/vulnerabilities-client
  • @redhat-cloud-services/tsc-transform-imports
  • @redhat-cloud-services/topological-inventory-client
  • @redhat-cloud-services/sources-client
  • @redhat-cloud-services/rule-components
  • @redhat-cloud-services/remediations-client
  • @redhat-cloud-services/rbac-client

Conclusion

The Miasma campaign highlights a dangerous escalation in software supply chain attacks, actively targeting developer tools and CI/CD pipelines to weaponize development ecosystems. Because the malware establishes deep background persistence and hooks directly into local developer tooling (like VS Code and Claude Code), simply deleting the node_modules directory or uninstalling the npm packages is insufficient.

Organizations must immediately isolate infected host machines, forcefully rotate all exposed credentials, audit developer configuration files for malicious hooks, and rigorously review any container images, deployment artifacts, or packages compiled during the exposure window.

Source

https://thehackernews.com/2026/06/miasma-supply-chain-attack-compromises.html