2026-06-01 The Hacker News

Miasma Attack Compromises Red Hat npm Packages, Steals Credentials

Tags: Supply Chain, Malware, Threat Intel

A new supply chain attack campaign dubbed "Miasma" has compromised multiple @redhat-cloud-services npm packages to steal credentials and secrets from developer machines, ultimately delivering a self-propagating worm. Security researchers from Socket, Aikido Security, JFrog, Microsoft, OX Security, SafeDep, StepSecurity, and Wiz identified the campaign as a Mini Shai-Hulud variant, noting it employs install-time execution, credential harvesting, CI/CD targeting, encrypted exfiltration, and downstream propagation capabilities. Attribution remains challenging as TeamPCP, an infamous cybercrime group, has open-sourced Shai-Hulud attack tools, enabling other threat actors to replicate similar attacks. The compromised packages include @redhat-cloud-services/vulnerabilities-client, @redhat-cloud-services/tsc-transform-imports, @redhat-cloud-services/topological-inventory-client, @redhat-cloud-services/sources-client, @redhat-cloud-services/rule-components, @redhat-cloud-services/remediations-client, and @redhat-cloud-services/rbac-client.

The infected npm packages contain obfuscated preinstall hooks designed to collect GitHub Actions secrets, npm tokens, cloud credentials, Kubernetes and Vault material, SSH keys, Git credentials, and other sensitive files from developer environments. The malware includes encrypted exfiltration logic that transmits stolen data to "api.anthropic[.]com:443/v1/api" while using GitHub as a fallback mechanism. According to SafeDep, the payload calls OIDC token exchange and whoami endpoints, repackages a tarball (updateTarball, package-updated.tgz), and signs artifacts through Sigstore. Stolen credentials are exfiltrated to attacker-created public GitHub repositories, each carrying the description "Miasma: The Spreading Blight." The malware also avoids execution on Russian-language systems—a pattern previously observed in GlassWorm supply chain campaigns.

The malware enumerates repositories where the stolen token has write access, reads action.yml/action.yaml via GraphQL, and commits workflows through the createCommitOnBranch mutation, making commits appear as verified, signed changes. Socket noted that commit messages can include threatening language such as "IfYouInvalidateThisTokenItWillNukeTheComputerOfTheOwner:", indicating attempts to weaponize stolen credentials and further poison the software supply chain. OX Security identified the first commit containing "Miasma: The Spreading Blight" on May 29, 2026, suggesting the variant was active or under testing from that date. Organizations should immediately audit their developer environments, rotate exposed credentials, and use tools like our email breach checker and password checker to determine if their credentials have been compromised in this or similar supply chain incidents.

Source: The Hacker News
