Miasma npm Supply Chain Attack
Summary
Miasma is a multi-wave, self-propagating npm supply chain attack campaign whose main waves ran from June 1 through at least June 10, 2026, with precursor activity (a Red Hat employee's GitHub credential circulating in infostealer logs from mid-April, and malicious durabletask releases on PyPI in May) documented earlier in the timeline below; later waves also reached PyPI. It compromised hundreds of widely used npm packages and dozens of GitHub repositories across organizations including Red Hat, Vapi.ai, and Microsoft Azure. The malware, a variant of the Mini Shai-Hulud credential-stealing worm associated with the threat actor TeamPCP (also tracked as UNC6780), exfiltrates cloud credentials, CI/CD secrets, SSH keys, and browser-stored data including cryptocurrency wallet files, then uses the stolen tokens to republish backdoored package versions and to spread to further repositories. As of the investigation date, no cryptocurrency theft or quantified financial loss from crypto assets had been publicly documented; the malware's collectors do enumerate local wallet storage, however, so the campaign's credential-theft scope poses downstream risk to any crypto developer environment that installed an affected package.
Timeline (19 events)

2025-09-01
Original Shai-Hulud worm created by TeamPCP (approximate month; exact date not publicly confirmed).
Source: Tenable Mini Shai-Hulud FAQ

2025-11-01
SHA1-Hulud variant of the Shai-Hulud framework deployed (approximate month).
Source: Tenable Mini Shai-Hulud FAQ

2026-03-01
SANDWORM_MODE iteration of the Shai-Hulud worm family deployed (approximate month).
Source: Tenable Mini Shai-Hulud FAQ

2026-04-01
Mini Shai-Hulud generation (the basis for Miasma) deployed by TeamPCP.
Source: Tenable Mini Shai-Hulud FAQ

2026-04-13
A Red Hat employee's GitHub credentials first appear in infostealer logs, beginning a 48-day dormancy before exploitation.
Source: Miasma Supply Chain Attack: the Seven-Week Credential Trail (CybelAngel)

2026-05-15
The compromised Red Hat session cookie resurfaces in infostealer logs for a second time.
Source: Miasma Supply Chain Attack Compromises Red Hat npm Packages (The Hacker News)

2026-05-19
Three malicious versions of the durabletask Python package are published to PyPI via a compromised contributor account; the credential harvester rope.pyz is deployed.
Source: Miasma Worm Hits Microsoft Again: Azure Functions Action and 72 Other Repositories Disabled (StepSecurity)

2026-05-29
The first 'Miasma: The Spreading Blight' commit appears on GitHub, per The Hacker News reporting.
Source: Miasma Supply Chain Attack Compromises Red Hat npm Packages (The Hacker News)

2026-06-01
Wave 1: the attacker pushes malicious orphan commits to RedHatInsights GitHub repositories at 10:53 UTC and 13:44–13:46 UTC, backdooring 32 packages in the @redhat-cloud-services npm namespace and affecting approximately 80,000–117,000 weekly downloads.
Source: Miasma: Supply Chain Attack Targeting RedHat npm Packages (Wiz Blog)

2026-06-01
Public disclosure of Wave 1 by multiple security vendors, including Wiz, the Microsoft Security Blog, and OX Security.
Source: Miasma Supply Chain Attack Compromises Red Hat npm Packages (The Hacker News)

2026-06-03
Wave 2 (Phantom Gyp): activity with a compromised Vapi.ai developer's GitHub token begins at 22:56 UTC; malicious @vapi-ai/server-sdk versions (0.11.1, 0.11.2, 1.2.1, 1.2.2) are published by 23:30 UTC.
Source: Our response to the June 3, 2026 supply chain incident (Vapi.ai)

2026-06-03
Wave 2 expands: more than 50 packages belonging to npm maintainer jagreehal are compromised, including ai-sdk-ollama (120,000+ monthly downloads); within under two hours the wave reaches 57 packages and 286+ malicious versions.
Source: Miasma npm Supply Chain Attack: Self-Spreading Worm via Phantom Gyp (StepSecurity)

2026-06-03
Vapi.ai removes the malicious npm versions and revokes the compromised account's access; the versions had zero downloads before removal.
Source: Our response to the June 3, 2026 supply chain incident (Vapi.ai)

2026-06-04
StepSecurity publishes independent research on the Phantom Gyp binding.gyp technique; more than 118 GitHub repositories containing stolen credentials are identified.
Source: Miasma npm Supply Chain Attack: Self-Spreading Worm via Phantom Gyp (StepSecurity)

2026-06-05
Wave 3: a malicious commit is pushed to the Azure/durabletask GitHub repository, injecting AI coding agent configuration triggers. GitHub disables 73 Microsoft repositories across four organizations within 105 seconds.
Source: Miasma Worm Hits Microsoft Again: Azure Functions Action and 72 Other Repositories Disabled (StepSecurity)

2026-06-05
The disabling of Azure/functions-action breaks GitHub Actions workflows globally for projects referencing its @v1 tag; 20+ developers report broken deployments.
Source: Miasma Worm Hits Microsoft Again: Azure Functions Action and 72 Other Repositories Disabled (StepSecurity)

2026-06-05
Sonatype reports 304 cumulative malicious npm package components identified across the Miasma campaign.
Source: New Shai-Hulud Miasma Wave Hits Hundreds of npm Packages (Sonatype)

2026-06-08
Security Joes publishes research titled 'Shai-Hulud: Miasma — When a Supply-Chain Worm Learned to Hijack AI Coding Agents'. Morphisec publishes its Wave 3 analysis.
Source: Shai-Hulud: Miasma — When a Supply-Chain Worm Learned to Hijack AI Coding Agents (Security Joes)

2026-06-10
Phoenix Security reports on the Hades wave: 37 malicious Python wheels published to PyPI in parallel with the Azure GitHub attack; the 73 disabled repositories are confirmed.
Source: Miasma Worm Reaches Microsoft Azure and PyPI: 73 Repositories Disabled, Hades Wave Drops 37 Malicious Python Wheels (Phoenix Security)

Decision Log
- hash: DbbKCqFLxhSM8AGsKRWyNH9DsfMNjxeN8g55HDs6PmAR
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet-4-6
generated: 6/16/2026, 5:12:10 PM
last updated: 6/16/2026, 5:12:24 PM
avoid.net — verified advice for a post-truth world