
Verify a decision

Every moderation decision on AVOID.NET is anchored to the Solana blockchain. You don't have to trust us — you can verify cryptographically that we committed to a verdict at a specific moment and have not rewritten it.

How verification works

  1. We commit. When a moderator accepts or rejects a submission, we serialize the decision into deterministic UTF-8 bytes (payload_canonical_string), hash them with SHA-256, encode the digest as base58, and write it to Solana inside an SPL Memo v2 transaction.
  2. We store the bytes. The exact bytes we hashed are stored alongside the decision in our database. Anyone can read them and recompute the hash in any language.
  3. You compare three values: the database hash, the hash you recompute independently, and the hash inside the on-chain memo. If all three match, the decision is authentic and timestamped.
The on-chain memo format is AVOID.NET|v1|h:<b58-sha256>|d:<id>|t:<iso>, where h is the base58-encoded SHA-256 digest, d is the identifier and t is the ISO 8601 timestamp.

Find a signature on any investigation page's decision log, or run python -m src.verify_decision --signature <sig> for a CLI check.
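The three-way check described above, carried out offline, as an added example that is not avoid.net's own verifier (the site's src.verify_decision tool is not reproduced here). It uses only the Python standard library, implements base58 with the Bitcoin alphabet (an assumption; the page does not name the alphabet), parses the memo format quoted above, and compares the database hash, the local recomputation and the memo hash. Fetching the memo out of the Solana transaction is out of scope: the memo string is passed in as already retrieved. The sample payload, identifier and timestamp are constructed, not the page's real 29209-character canonical string.

```python
"""Offline three-way check of an AVOID.NET decision hash (added example).

Not avoid.net's own verifier: it mirrors the steps described on the page
(canonical UTF-8 bytes -> SHA-256 -> base58 -> memo) with the standard
library only. Base58 uses the Bitcoin alphabet, which is an assumption.
"""
import hashlib
import json

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
MEMO_PREFIX = "AVOID.NET|v1|"          # format quoted on the page
MEMO_FIELDS = ("h", "d", "t")          # hash, identifier, ISO timestamp


def b58encode(raw: bytes) -> str:
    """Base58-encode raw bytes; each leading zero byte becomes a leading '1'."""
    n = int.from_bytes(raw, "big")
    digits = []
    while n > 0:
        n, rem = divmod(n, 58)
        digits.append(B58_ALPHABET[rem])
    leading_zeros = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * leading_zeros + "".join(reversed(digits))


def decision_hash(canonical: str) -> str:
    """Step 1 on the page: SHA-256 over the exact UTF-8 bytes, base58-encoded.

    The string is hashed verbatim. Do not parse and re-serialize it first:
    any change in whitespace or key order produces a different digest.
    """
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return b58encode(digest)


def naive_reserialize(canonical: str) -> str:
    """The mistake to avoid: json.dumps inserts spaces after ',' and ':'."""
    return json.dumps(json.loads(canonical))


def parse_memo(memo: str) -> dict:
    """Split 'AVOID.NET|v1|h:<b58-sha256>|d:<id>|t:<iso>' into its fields."""
    if not memo.startswith(MEMO_PREFIX):
        raise ValueError("not an AVOID.NET v1 memo")
    fields = {}
    for part in memo[len(MEMO_PREFIX):].split("|"):
        key, sep, value = part.partition(":")   # first ':' only, so t: keeps its colons
        if sep != ":" or key not in MEMO_FIELDS or key in fields:
            raise ValueError(f"unexpected memo field: {part!r}")
        fields[key] = value
    missing = [k for k in MEMO_FIELDS if k not in fields]
    if missing:
        raise ValueError(f"memo is missing fields: {missing}")
    return fields


def verify(canonical: str, db_hash: str, memo: str, expected_id: str) -> dict:
    """Step 3 on the page: compare database hash, local recomputation and memo."""
    recomputed = decision_hash(canonical)
    fields = parse_memo(memo)
    return {
        "recomputed": recomputed,
        "db_matches_recomputed": db_hash == recomputed,
        "memo_matches_recomputed": fields["h"] == recomputed,
        "memo_id_matches": fields["d"] == expected_id,
        "anchored_at": fields["t"],
        "byte_length": len(canonical.encode("utf-8")),  # bytes, not characters
    }


def build_memo(canonical: str, decision_id: str, iso_ts: str) -> str:
    """Construct the memo a correct commit of these bytes would carry (demo only)."""
    return f"{MEMO_PREFIX}h:{decision_hash(canonical)}|d:{decision_id}|t:{iso_ts}"


# Constructed sample decision; the page's real 29209-character payload is not reproduced.
SAMPLE_ID = "00000000-0000-4000-8000-000000000000"
SAMPLE_CANONICAL = (
    '{"actor":"moderator:example","investigation_id":"' + SAMPLE_ID + '",'
    '"kind":"publish","published_at":"2026-06-15T17:43:05.291Z","sequence_num":1,"v":1}'
)
SAMPLE_TS = "2026-06-15T17:43:05.354Z"

if __name__ == "__main__":
    memo = build_memo(SAMPLE_CANONICAL, SAMPLE_ID, SAMPLE_TS)
    intact = verify(SAMPLE_CANONICAL, decision_hash(SAMPLE_CANONICAL), memo, SAMPLE_ID)
    print("intact:", intact)
    # One changed word in the stored bytes breaks both comparisons.
    altered = SAMPLE_CANONICAL.replace('"publish"', '"retract"')
    print("altered:", verify(altered, decision_hash(SAMPLE_CANONICAL), memo, SAMPLE_ID))
```

Two caveats a practitioner should keep in mind when recomputing: hash the stored bytes verbatim (round-tripping them through a JSON library changes whitespace and therefore the digest, which naive_reserialize demonstrates), and measure in bytes rather than characters: the payload shown further down contains multibyte characters such as em-dashes, so its UTF-8 byte length is larger than the 29209 characters the page counts.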

Sequence: #1
Score:
Cluster: mainnet-beta
Slot: 426681726
Off-chain at: 2026-06-15T17:43:05.354Z
Anchored at:
Block time:

Independent verification

1. Database (off-chain): 67ENERwMvWejE12hHanefbp6qe6cCFenewhZEToqvTA9
2. Recomputed (your browser): computing…
3. On-chain (Solana memo): fetching…

Canonical bytes hashed (29209 chars):
{"actor":"system:backfill","investigation_id":"942a8de8-adcc-44ae-b95f-c06f862c6f09","kind":"publish","page_slug":"miasma-redhat-npm-supply-chain-attack","published_at":"2026-06-15T17:43:05.291Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Miasma RedHat npm Supply Chain Attack","sections":[{"content":"On June 1, 2026, attackers pushed unauthorized commits to repositories in the RedHatInsights GitHub organization and used those commits to publish malicious versions of 32 packages under the @redhat-cloud-services npm scope. The campaign was named 'Miasma' after a string found in the malicious repository descriptions: 'Miasma: The Spreading Blight.' According to Wiz Research, which first identified the compromise, the malicious activity occurred in two waves: a first wave at 10:53 UTC and a second wave at 13:44–13:46 UTC. Red Hat confirmed the incident and stated the malicious code did not reach customer production systems, attributing the initial access to a compromised employee GitHub account.","heading":"Incident Overview","severity":"critical","sources":[{"credibility":2,"name":"Miasma: Supply Chain Attack Targeting RedHat npm Packages — Wiz Blog","type":"research","url":"https://www.wiz.io/blog/miasma-supply-chain-attack-targeting-redhat-npm-packages"},{"credibility":2,"name":"Miasma Supply Chain Attack Compromises Red Hat npm Packages — The Hacker News","type":"news_article","url":"https://thehackernews.com/2026/06/miasma-supply-chain-attack-compromises.html"},{"credibility":2,"name":"Red Hat npm Packages Compromised to Steal Developer Credentials — BleepingComputer","type":"news_article","url":"https://www.bleepingcomputer.com/news/security/red-hat-npm-packages-compromised-to-steal-developer-credentials/"},{"credibility":2,"name":"Shai-Hulud Malware Worms Red Hat npm Packages — The 
Register","type":"news_article","url":"https://www.theregister.com/security/2026/06/01/shai-hulud-malware-infects-red-hat-npm-packages-downloaded-80k-times-weekly/5249803"}]},{"content":"A total of 96 malicious versions were published across 32 packages under the @redhat-cloud-services npm namespace. Cumulative weekly downloads for the affected scope are reported between approximately 80,000 (Wiz, Snyk) and 116,991 (Aikido Security, Socket). Key compromised packages include @redhat-cloud-services/frontend-components, @redhat-cloud-services/frontend-components-utilities, @redhat-cloud-services/frontend-components-notifications, @redhat-cloud-services/rbac-client, @redhat-cloud-services/host-inventory-client, @redhat-cloud-services/compliance-client, @redhat-cloud-services/types, @redhat-cloud-services/javascript-clients, @redhat-cloud-services/platform-frontend-ai-toolkit, and approximately two dozen additional API client packages. Any developer or CI/CD environment that ran npm install against any of these packages after June 1, 2026, should treat all accessible credentials as compromised.","heading":"Scale and Affected Packages","severity":"critical","sources":[{"credibility":2,"name":"Miasma Attack Hits Red Hat npm Packages — Snyk","type":"research","url":"https://snyk.io/blog/miasma-supply-chain-attack-malicious-code-redhat-cloud-services-npm-packages/"},{"credibility":2,"name":"Red Hat npm Packages Compromised to Spread a Credential-Stealing Worm — Aikido Security","type":"research","url":"https://www.aikido.dev/blog/red-hat-npm-packages-compromised-credential-stealing-worm"},{"credibility":2,"name":"Red Hat npm Packages Compromised in Supply-Chain Attack — Orca Security","type":"research","url":"https://orca.security/resources/blog/red-hat-npm-supply-chain-attack/"}]},{"content":"The attack chain began with the theft of a Red Hat employee's GitHub account credentials, which reportedly appeared in infostealer logs as early as April 13, 2026 — approximately 
seven weeks before the campaign was weaponized. The stolen session cookie bypassed multi-factor authentication. Once inside the RedHatInsights GitHub organization, attackers pushed orphan commits to targeted repositories that bypassed code review. These commits contained a poisoned GitHub Actions workflow (ci.yaml) that, upon any branch push, requested short-lived OIDC tokens from GitHub's trusted publishing infrastructure and used them to publish backdoored package versions directly to the npm registry. The published packages carried valid SLSA Build Level 3 provenance attestations, making them appear legitimate to automated supply chain security tooling. The malicious payload — a 4.2 MB obfuscated JavaScript file (_index.js) — was executed via a preinstall npm lifecycle hook, running automatically before any application code is imported or executed.","heading":"Technical Attack Chain","severity":"critical","sources":[{"credibility":2,"name":"CA-26-018: Miasma/Mini Shai-Hulud Compromise of Red Hat npm Packages — Deepwatch","type":"research","url":"https://www.deepwatch.com/labs/ca-26-018-miasma-mini-shai-hulud-compromise-of-red-hat-npm-packages/"},{"credibility":2,"name":"Miasma: A Worming npm Supply Chain Attack on Red Hat Cloud Services — Upwind","type":"research","url":"https://www.upwind.io/feed/miasma-npm-supply-chain-worm-redhat-credential-harvest"},{"credibility":2,"name":"CSA Research Note: Miasma npm Supply Chain RedHat — Cloud Security Alliance","type":"research","url":"https://labs.cloudsecurityalliance.org/research/csa-research-note-miasma-npm-supply-chain-redhat-20260603-cs/"}]},{"content":"The Miasma payload is a credential-harvesting worm with four layers of obfuscation: ROT-based decoding, AES-128-GCM encryption, obfuscator.io transformation, and PBKDF2-HMAC-SHA-256 key derivation. It generates a uniquely encrypted payload per infection, complicating hash-based detection. 
Upon execution, it downloads the Bun JavaScript runtime (v1.3.13) to evade standard Node.js monitoring, then sweeps a wide range of credential types: GitHub Actions tokens and runner process memory (bypassing log masking), npm and PyPI publish tokens, AWS access keys and session tokens, GCP application default credentials and service account keys, Azure service principal and managed identity tokens, HashiCorp Vault tokens, Kubernetes service accounts and kubeconfig files, SSH private keys, Docker registry credentials, GPG keys, all .env files, and Anthropic API keys via ~/.claude.json. Later variants added dedicated GCP and Azure identity enumeration collectors. Credentials are exfiltrated to attacker-controlled GitHub repositories named 'Miasma: The Spreading Blight,' with a fallback HTTPS channel spoofing Anthropic API traffic (api.anthropic[.]com:443) using double-Base64 encoding and a spoofed python-requests user-agent. The worm also installs persistence hooks targeting AI developer agents, including SessionStart hooks in Anthropic Claude Code configurations and tasks.json modifications in VS Code projects with 'runOn: folderOpen.'","heading":"Payload Capabilities and Credential Harvesting","severity":"critical","sources":[{"credibility":2,"name":"CA-26-018: Miasma/Mini Shai-Hulud Compromise of Red Hat npm Packages — Deepwatch","type":"research","url":"https://www.deepwatch.com/labs/ca-26-018-miasma-mini-shai-hulud-compromise-of-red-hat-npm-packages/"},{"credibility":2,"name":"Miasma Supply Chain Attack Compromises Red Hat npm Packages — The Hacker News","type":"news_article","url":"https://thehackernews.com/2026/06/miasma-supply-chain-attack-compromises.html"},{"credibility":2,"name":"CSA Research Note: Miasma npm Supply Chain RedHat — Cloud Security Alliance","type":"research","url":"https://labs.cloudsecurityalliance.org/research/csa-research-note-miasma-npm-supply-chain-redhat-20260603-cs/"}]},{"content":"Miasma is a self-propagating worm: once it has 
harvested npm tokens from the victim environment, it republishes backdoored versions of any other packages the victim controls, extending the blast radius beyond the initial Red Hat packages. The malware installs a systemd service (gh-token-monitor.service on Linux; a launchctl equivalent on macOS) that monitors the validity of stolen GitHub tokens. A dead man's switch identified by the string 'IfYouInvalidateThisTokenItWillNukeTheComputerOfTheOwner' is configured to execute destructive commands (rm -rf ~/) if the stolen token is revoked before persistence is removed. Deepwatch's advisory specifically warns responders not to immediately revoke stolen credentials before first removing persistence mechanisms for this reason. Additional dead-drop resolver strings observed include 'firedalazer' and 'thebeautifulmarchoftime.' The malware also avoids execution on Russian-language systems and checks for endpoint protection software from CrowdStrike, SentinelOne, Carbon Black, and StepSecurity before executing.","heading":"Self-Propagation and Dead Man's Switch","severity":"critical","sources":[{"credibility":2,"name":"CA-26-018: Miasma/Mini Shai-Hulud Compromise of Red Hat npm Packages — Deepwatch","type":"research","url":"https://www.deepwatch.com/labs/ca-26-018-miasma-mini-shai-hulud-compromise-of-red-hat-npm-packages/"},{"credibility":2,"name":"Miasma Supply Chain Attack Hits Red Hat @redhat-cloud-services Packages — InvisiRisk","type":"research","url":"https://www.invisirisk.com/blog/red-hat-npm-supply-chain-attack-miasma-hits-redhat-cloud-services/"}]},{"content":"Miasma is a variant of Mini Shai-Hulud, a credential-stealing npm worm attributed to the threat actor group TeamPCP. On May 12, 2026, TeamPCP published the full Mini Shai-Hulud source code to GitHub under an MIT License with the message 'Shai-Hulud: Open Sourcing The Carnage,' simultaneously posting on BreachForums and announcing a $1,000 contest for the largest supply chain attack using the code. 
The open-sourcing of the tooling significantly complicates attribution: security researchers at Wiz concluded that the TTP overlap between Miasma and earlier TeamPCP operations indicates 'TTP overlap rather than definitive attribution,' leaving open the possibility of copycat actors. Prior to the Red Hat incident, the Mini Shai-Hulud campaign had already compromised packages associated with Bitwarden (April 22, 2026), SAP (April 29, 2026), PyTorch Lightning (April 30, 2026), Microsoft's DurableTask (May 19, 2026), and over 160 packages in the May 12, 2026 wave. Copycat packages identified in May 2026 include chalk-tempalte (typosquat of chalk), @deadcode09284814/axios-util, axois-utils, and color-style-utils.","heading":"Attribution: TeamPCP and the Mini Shai-Hulud Framework","severity":"high","sources":[{"credibility":2,"name":"Mini Shai-Hulud Supply Chain Attack CVE-2026-45321 FAQ — Tenable","type":"research","url":"https://www.tenable.com/blog/mini-shai-hulud-frequently-asked-questions"},{"credibility":2,"name":"Team PCP's Mini Shai-Hulud Tears at Open-Source Trust — ReversingLabs","type":"research","url":"https://www.reversinglabs.com/blog/mini-shai-hulud-tears-at-oss-trust"},{"credibility":2,"name":"Shai-Hulud Code Drop: Open Season for Supply Chain Attacks — ReversingLabs","type":"research","url":"https://www.reversinglabs.com/blog/the-shai-hulud-code-drop"},{"credibility":2,"name":"Mini Shai-Hulud Copycats and the TanStack Wave — Phoenix Security","type":"research","url":"https://phoenix.security/mini-shai-hulud-tanstack-openai-mistral-copycats-deadcode-actor/"}]},{"content":"Miasma does not contain cryptocurrency wallet-draining or blockchain-specific payload modules. No reporting from any security vendor identified crypto-specific targeting in the Miasma variant. However, the attack poses a significant risk to crypto developers for several indirect reasons. 
First, the worm harvests all environment variables and .env files, which commonly contain private keys, wallet seeds, or RPC provider API keys in crypto development environments. Second, it steals npm and PyPI publish tokens, enabling an attacker to subsequently push malicious versions of any package the victim maintains — including crypto libraries. Third, it harvests Anthropic API keys, which are increasingly used in DeFi and crypto-adjacent AI tooling. Fourth, the @redhat-cloud-services packages are commonly used in enterprise development environments that may include crypto or fintech workloads. Any crypto team or DeFi protocol that installs these packages as transitive dependencies in their CI/CD pipeline should treat this event as a full credential rotation incident.","heading":"Relevance to Crypto Developers and Web3 Build Pipelines","severity":"high","sources":[{"credibility":2,"name":"Miasma: Supply Chain Attack Targeting RedHat npm Packages — Wiz Blog","type":"research","url":"https://www.wiz.io/blog/miasma-supply-chain-attack-targeting-redhat-npm-packages"},{"credibility":2,"name":"NPM Supply Chain Attack Hits Popular Packages with Crypto Drainer — Mend.io","type":"research","url":"https://www.mend.io/blog/npm-supply-chain-attack-infiltrates-popular-packages/"}]},{"content":"Security vendors have published the following indicators of compromise (IOCs) for Miasma. File-based IOCs include temporary JavaScript files at /tmp/p<random>.js, unexpected files named .github/setup.js and _index.js in node_modules, modified IDE configurations in settings.json and .vscode/tasks.json, and systemd services named gh-token-monitor.service. Network IOCs include anomalous DNS queries and HTTPS traffic to api.anthropic[.]com spoofed by the malware as a C2 channel, outbound requests using the spoofed user agent python-requests/2.31.0, and creation of GitHub repositories whose descriptions contain the string 'Miasma: The Spreading Blight' or reversed variants. 
String artifacts embedded in the malware include 'IfYouInvalidateThisTokenItWillNukeTheComputerOfTheOwner,' 'firedalazer,' and 'thebeautifulmarchoftime.' Detection guidance includes searching lock files for @redhat-cloud-services references and filtering for index.js files exceeding 4 MB inside node_modules/@redhat-cloud-services. The Snyk advisory reference is SNYK-JS-REDHATCLOUDSERVICESFRONTENDCOMPONENTS-17117384, rated CVSS 9.3 (Critical). No official CVE was assigned as of reporting.","heading":"Indicators of Compromise","severity":"high","sources":[{"credibility":2,"name":"CA-26-018: Miasma/Mini Shai-Hulud Compromise of Red Hat npm Packages — Deepwatch","type":"research","url":"https://www.deepwatch.com/labs/ca-26-018-miasma-mini-shai-hulud-compromise-of-red-hat-npm-packages/"},{"credibility":2,"name":"Miasma Attack Hits Red Hat npm Packages — Snyk","type":"research","url":"https://snyk.io/blog/miasma-supply-chain-attack-malicious-code-redhat-cloud-services-npm-packages/"},{"credibility":2,"name":"Miasma Supply Chain Attack Hits Red Hat @redhat-cloud-services Packages — InvisiRisk","type":"research","url":"https://www.invisirisk.com/blog/red-hat-npm-supply-chain-attack-miasma-hits-redhat-cloud-services/"}]},{"content":"Security vendors have issued detailed remediation guidance. The critical first step — emphasized by Deepwatch — is to remove persistence before revoking credentials, because the dead man's switch will execute rm -rf ~/ if stolen GitHub tokens are invalidated while the monitoring service is still active. The recommended remediation sequence is: (1) Audit lock files for affected @redhat-cloud-services package versions and remove or pin dependencies away from compromised versions. (2) Reinstall packages with scripts disabled using npm install --ignore-scripts. 
(3) Remove persistence: search for and eliminate .claude/settings.json modifications, .vscode/tasks.json entries with 'runOn: folderOpen,' unauthorized .github/setup.js files, and systemd/launchctl services named gh-token-monitor. (4) Only after removing persistence, rotate all exposed credentials: npm tokens, GitHub personal access tokens, AWS/GCP/Azure keys, HashiCorp Vault tokens, SSH keys, Kubernetes service accounts, Docker credentials, and GPG keys. (5) Audit GitHub organizations for unauthorized repositories and workflows. (6) Harden pipelines going forward: enforce branch protection, restrict id-token write permissions in Actions workflows, pin OIDC publishers, require mandatory code review, and validate SBOM attestations. Red Hat removed the affected package versions from the npm registry and stated the malicious code did not reach customer production systems.","heading":"Remediation Guidance","severity":"medium","sources":[{"credibility":2,"name":"Miasma Attack Hits Red Hat npm Packages — Snyk","type":"research","url":"https://snyk.io/blog/miasma-supply-chain-attack-malicious-code-redhat-cloud-services-npm-packages/"},{"credibility":2,"name":"CA-26-018: Miasma/Mini Shai-Hulud Compromise of Red Hat npm Packages — Deepwatch","type":"research","url":"https://www.deepwatch.com/labs/ca-26-018-miasma-mini-shai-hulud-compromise-of-red-hat-npm-packages/"},{"credibility":2,"name":"Red Hat npm Packages Compromised in Supply-Chain Attack — Orca Security","type":"research","url":"https://orca.security/resources/blog/red-hat-npm-supply-chain-attack/"}]},{"content":"The Miasma/Red Hat incident is part of a documented surge in npm supply chain attacks in early 2026. The Axios library was compromised on March 31, 2026, when attackers inserted a malicious dependency called 'plain-crypto-js' into several versions. The Bitwarden CLI was compromised on April 22, 2026, via a poisoned GitHub Action, with its malicious payload specifically targeting crypto wallet data. 
The TrapDoor campaign, reported by Socket on May 24, 2026, tracked over 34 malicious packages and 384+ related versions across npm, PyPI, and Crates.io targeting crypto, DeFi, and AI developers. The Polymarket npm compromise on May 20, 2026, involved nine packages published to harvest crypto wallet keys. TeamPCP's public release of the Mini Shai-Hulud source code on May 12, 2026, lowered the barrier to entry for all subsequent campaigns, enabling copycat actors to mount independent attacks with minimal technical sophistication.","heading":"Broader npm Supply Chain Attack Context (2026)","severity":"high","sources":[{"credibility":2,"name":"The npm Threat Landscape: Attack Surface and Mitigations (Updated June 2) — Palo Alto Networks Unit 42","type":"research","url":"https://unit42.paloaltonetworks.com/monitoring-npm-supply-chain-attacks/"},{"credibility":2,"name":"TrapDoor: A Crypto-Stealing Supply Chain Attack Across npm, PyPI, and Crates.io — CyberLeveling","type":"news_article","url":"https://cyberleveling.com/blog/trapdoor-supply-chain-attack-npm-pypi-crates-2026"},{"credibility":2,"name":"The Mini Shai-Hulud Worm and the New Era of CI/CD Exploitation — Flashpoint","type":"research","url":"https://flashpoint.io/blog/mini-shai-hulud-worm-new-era-ci-cd-exploitation/"},{"credibility":2,"name":"Mini Shai-Hulud: Frequently Asked Questions — Security Boulevard","type":"research","url":"https://securityboulevard.com/2026/05/mini-shai-hulud-frequently-asked-questions-about-the-teampcp-npm-and-pypi-supply-chain-campaign/"}]}],"sources_used":[{"credibility":2,"name":"Miasma: Supply Chain Attack Targeting RedHat npm Packages — Wiz Blog","type":"research","url":"https://www.wiz.io/blog/miasma-supply-chain-attack-targeting-redhat-npm-packages"},{"credibility":2,"name":"Miasma Supply Chain Attack Compromises Red Hat npm Packages — The Hacker 
News","type":"news_article","url":"https://thehackernews.com/2026/06/miasma-supply-chain-attack-compromises.html"},{"credibility":2,"name":"Red Hat npm Packages Compromised to Steal Developer Credentials — BleepingComputer","type":"news_article","url":"https://www.bleepingcomputer.com/news/security/red-hat-npm-packages-compromised-to-steal-developer-credentials/"},{"credibility":2,"name":"Shai-Hulud Malware Worms Red Hat npm Packages Downloaded 80K Times Weekly — The Register","type":"news_article","url":"https://www.theregister.com/security/2026/06/01/shai-hulud-malware-infects-red-hat-npm-packages-downloaded-80k-times-weekly/5249803"},{"credibility":2,"name":"Miasma Attack Hits Red Hat npm Packages — Snyk","type":"research","url":"https://snyk.io/blog/miasma-supply-chain-attack-malicious-code-redhat-cloud-services-npm-packages/"},{"credibility":2,"name":"Red Hat npm Packages Compromised to Spread a Credential-Stealing Worm — Aikido Security","type":"research","url":"https://www.aikido.dev/blog/red-hat-npm-packages-compromised-credential-stealing-worm"},{"credibility":2,"name":"Red Hat npm Packages Compromised in Supply-Chain Attack — Orca Security","type":"research","url":"https://orca.security/resources/blog/red-hat-npm-supply-chain-attack/"},{"credibility":2,"name":"CA-26-018: Miasma/Mini Shai-Hulud Compromise of Red Hat npm Packages — Deepwatch","type":"research","url":"https://www.deepwatch.com/labs/ca-26-018-miasma-mini-shai-hulud-compromise-of-red-hat-npm-packages/"},{"credibility":2,"name":"Miasma: A Worming npm Supply Chain Attack on Red Hat Cloud Services — Upwind","type":"research","url":"https://www.upwind.io/feed/miasma-npm-supply-chain-worm-redhat-credential-harvest"},{"credibility":2,"name":"CSA Research Note: Miasma npm Supply Chain RedHat — Cloud Security Alliance","type":"research","url":"https://labs.cloudsecurityalliance.org/research/csa-research-note-miasma-npm-supply-chain-redhat-20260603-cs/"},{"credibility":2,"name":"Miasma Supply Chain 
Attack Hits Red Hat @redhat-cloud-services Packages — InvisiRisk","type":"research","url":"https://www.invisirisk.com/blog/red-hat-npm-supply-chain-attack-miasma-hits-redhat-cloud-services/"},{"credibility":2,"name":"Miasma Supply Chain Attack Compromises Red Hat npm Packages — Rescana","type":"news_article","url":"https://www.rescana.com/post/miasma-supply-chain-attack-compromises-red-hat-redhat-cloud-services-npm-packages-with-credential-stealing-worm-cybersec"},{"credibility":2,"name":"Mini Shai-Hulud Supply Chain Attack CVE-2026-45321 FAQ — Tenable","type":"research","url":"https://www.tenable.com/blog/mini-shai-hulud-frequently-asked-questions"},{"credibility":2,"name":"Mini Shai-Hulud: Frequently Asked Questions — Security Boulevard","type":"research","url":"https://securityboulevard.com/2026/05/mini-shai-hulud-frequently-asked-questions-about-the-teampcp-npm-and-pypi-supply-chain-campaign/"},{"credibility":2,"name":"Team PCP's Mini Shai-Hulud Tears at Open-Source Trust — ReversingLabs","type":"research","url":"https://www.reversinglabs.com/blog/mini-shai-hulud-tears-at-oss-trust"},{"credibility":2,"name":"Shai-Hulud Code Drop: Open Season for Supply Chain Attacks — ReversingLabs","type":"research","url":"https://www.reversinglabs.com/blog/the-shai-hulud-code-drop"},{"credibility":2,"name":"The Mini Shai-Hulud Worm and the New Era of CI/CD Exploitation — Flashpoint","type":"research","url":"https://flashpoint.io/blog/mini-shai-hulud-worm-new-era-ci-cd-exploitation/"},{"credibility":2,"name":"Mini Shai-Hulud Copycats and the TanStack Wave — Phoenix Security","type":"research","url":"https://phoenix.security/mini-shai-hulud-tanstack-openai-mistral-copycats-deadcode-actor/"},{"credibility":2,"name":"Mini Shai-Hulud: The Worm Returns and Goes Public — Akamai","type":"research","url":"https://www.akamai.com/blog/security-research/mini-shai-hulud-worm-returns-goes-public"},{"credibility":2,"name":"The npm Threat Landscape: Attack Surface and Mitigations — Palo Alto 
Networks Unit 42","type":"research","url":"https://unit42.paloaltonetworks.com/monitoring-npm-supply-chain-attacks/"},{"credibility":2,"name":"TrapDoor: A Crypto-Stealing Supply Chain Attack Across npm, PyPI, and Crates.io — CyberLeveling","type":"news_article","url":"https://cyberleveling.com/blog/trapdoor-supply-chain-attack-npm-pypi-crates-2026"},{"credibility":2,"name":"Polymarket npm Packages Steal Crypto Wallet Keys — SafeDep","type":"research","url":"https://safedep.io/malicious-polymarket-npm-crypto-wallet-drainer/"},{"credibility":2,"name":"Miasma: Red Hat npm Supply Chain Worm — Cloud Security Alliance Labs","type":"research","url":"https://labs.cloudsecurityalliance.org/research/csa-research-note-miasma-npm-supply-chain-redhat-20260603-cs/"},{"credibility":2,"name":"Miasma NPM Supply Chain Attack: Red Hat Cloud Services npm Packages — Phoenix Security","type":"research","url":"https://phoenix.security/miasma-redhat-cloud-services-npm-supply-chain-shai-hulud-variant/"},{"credibility":2,"name":"Shai-Hulud Clone 'Miasma' Compromises 32 Red Hat npm Packages — DevOps.com","type":"news_article","url":"https://devops.com/shai-hulud-clone-miasma-compromises-32-red-hat-npm-packages/"}],"summary":"Miasma is a self-propagating credential-stealing worm that compromised 32 official npm packages under the @redhat-cloud-services namespace on June 1, 2026, affecting an estimated 80,000 to 117,000 weekly downloads. The attack was facilitated by a compromised Red Hat employee GitHub account and used GitHub Actions OIDC trusted publishing to inject a 4.2 MB obfuscated preinstall payload derived from the publicly released Mini Shai-Hulud malware framework attributed to the threat actor group TeamPCP. 
While not a cryptocurrency-specific attack, the worm harvests cloud credentials, CI/CD secrets, and developer tokens — including Anthropic API keys — from any environment running the affected packages, and it is highly relevant to crypto developers who use these packages in their build pipelines.","timeline":[{"date":"2026-04-13","event":"Red Hat employee GitHub credentials appear in infostealer logs, approximately 7 weeks before weaponization.","source":"Cloud Security Alliance Research Note; Wiz Blog","source_url":"https://labs.cloudsecurityalliance.org/research/csa-research-note-miasma-npm-supply-chain-redhat-20260603-cs/"},{"date":"2026-04-22","event":"Bitwarden CLI compromised via poisoned GitHub Actions workflow in the Mini Shai-Hulud campaign; payload targets crypto wallet data.","source":"Aikido Security; The Hacker News","source_url":"https://www.aikido.dev/blog/red-hat-npm-packages-compromised-credential-stealing-worm"},{"date":"2026-04-29","event":"Four SAP npm packages compromised via leaked npm token in the Mini Shai-Hulud campaign.","source":"Aikido Security","source_url":"https://www.aikido.dev/blog/red-hat-npm-packages-compromised-credential-stealing-worm"},{"date":"2026-04-30","event":"PyTorch Lightning package compromised on PyPI as part of the same campaign.","source":"Aikido Security","source_url":"https://www.aikido.dev/blog/red-hat-npm-packages-compromised-credential-stealing-worm"},{"date":"2026-05-12","event":"TeamPCP open-sources the full Mini Shai-Hulud worm source code on GitHub under MIT License; simultaneously announces a $1,000 BreachForums contest for the largest supply chain attack using the code. 
Concurrently, the campaign expands to 160+ packages.","source":"ReversingLabs; Tenable; Security Boulevard","source_url":"https://www.reversinglabs.com/blog/the-shai-hulud-code-drop"},{"date":"2026-05-15","event":"Additional Red Hat employee credentials detected in infostealer logs.","source":"The Hacker News","source_url":"https://thehackernews.com/2026/06/miasma-supply-chain-attack-compromises.html"},{"date":"2026-05-19","event":"Microsoft's DurableTask npm package compromised in the Mini Shai-Hulud campaign.","source":"Aikido Security","source_url":"https://www.aikido.dev/blog/red-hat-npm-packages-compromised-credential-stealing-worm"},{"date":"2026-05-20","event":"Nine malicious Polymarket-branded npm packages published targeting crypto wallet keys.","source":"SafeDep","source_url":"https://safedep.io/malicious-polymarket-npm-crypto-wallet-drainer/"},{"date":"2026-05-24","event":"Socket reports TrapDoor campaign: 34+ malicious packages across npm, PyPI, and Crates.io targeting crypto and DeFi developers.","source":"CyberLeveling","source_url":"https://cyberleveling.com/blog/trapdoor-supply-chain-attack-npm-pypi-crates-2026"},{"date":"2026-05-29","event":"First commit containing the 'Miasma: The Spreading Blight' string appears in RedHatInsights repositories.","source":"The Hacker News","source_url":"https://thehackernews.com/2026/06/miasma-supply-chain-attack-compromises.html"},{"date":"2026-06-01","event":"Miasma attack executes in two waves (10:53 UTC and 13:44–13:46 UTC). Malicious commits pushed to RedHatInsights GitHub organization; 96 backdoored versions of 32 @redhat-cloud-services npm packages published with valid SLSA provenance attestations.","source":"Wiz Blog; Orca Security; The Register","source_url":"https://www.wiz.io/blog/miasma-supply-chain-attack-targeting-redhat-npm-packages"},{"date":"2026-06-01","event":"Wiz Research publicly discloses the Miasma campaign. 
Red Hat removes affected packages from the npm registry and issues a statement that malicious code did not reach customer production systems.","source":"The Register; BleepingComputer","source_url":"https://www.theregister.com/security/2026/06/01/shai-hulud-malware-infects-red-hat-npm-packages-downloaded-80k-times-weekly/5249803"},{"date":"2026-06-03","event":"Cloud Security Alliance publishes research note on Miasma with extended technical analysis.","source":"Cloud Security Alliance","source_url":"https://labs.cloudsecurityalliance.org/research/csa-research-note-miasma-npm-supply-chain-redhat-20260603-cs/"}]},"v":1}