
Miasma Supply Chain Attack Compromises Red Hat npm Packages, Steals Cloud and CI/CD Credentials

A newly discovered software supply chain attack campaign, dubbed Miasma, has compromised several npm packages associated with Red Hat cloud services. Security researchers warn that the malware is designed to steal sensitive credentials, target CI/CD environments, and potentially spread itself across software development ecosystems.

According to security firm Socket, the campaign closely resembles the infamous Mini Shai-Hulud malware operation.

“This is effectively a Mini Shai-Hulud campaign: it uses the same core tactics of install-time execution, credential harvesting, CI/CD targeting, encrypted exfiltration, and potential downstream propagation,” Socket stated.

Attribution Remains Unclear

Researchers have not yet identified the threat actor responsible for the campaign. Attribution is complicated by the fact that TeamPCP, a well-known cybercrime group linked to the original Shai-Hulud worm, previously open-sourced many of its attack tools. This has enabled other threat actors to reuse the malware framework and launch similar attacks.

Affected npm Packages

The following Red Hat-related npm packages have been identified as compromised:

  • @redhat-cloud-services/vulnerabilities-client
  • @redhat-cloud-services/tsc-transform-imports
  • @redhat-cloud-services/topological-inventory-client
  • @redhat-cloud-services/sources-client
  • @redhat-cloud-services/rule-components
  • @redhat-cloud-services/remediations-client
  • @redhat-cloud-services/rbac-client

Malware Targets Secrets and Credentials

Security analyses conducted by Aikido Security, JFrog, Microsoft, OX Security, SafeDep, StepSecurity, and Wiz revealed that the malicious packages contain an obfuscated preinstall hook that executes during package installation.

The malware is capable of harvesting a wide range of sensitive information, including:

  • GitHub Actions secrets
  • npm authentication tokens
  • Cloud service credentials
  • Kubernetes configuration data
  • HashiCorp Vault secrets
  • SSH private keys
  • Git credentials
  • Other sensitive configuration files

Encrypted Data Exfiltration and GitHub Abuse

Similar to previous Mini Shai-Hulud campaigns, the malware includes encrypted data exfiltration capabilities. Stolen information is reportedly transmitted to a server masquerading as an Anthropic API endpoint, and the malware can also use GitHub repositories as a backup communication channel.

Socket researchers observed that the malware commits encrypted data through GitHub APIs, sometimes using threatening commit messages intended to discourage victims from revoking compromised credentials.

The attackers appear to be using stolen credentials not only for data theft but also to further compromise software supply chains.

Russian Systems Excluded

Researchers noted that the malware avoids execution on systems configured with Russian-language settings. This behavior has also been observed in previous supply chain attacks, including the GlassWorm campaign, and is often considered an indicator of threat actors attempting to avoid attention from certain jurisdictions.

Advanced Supply Chain Propagation Techniques

SafeDep researchers found that the malware actively targets npm and GitHub environments to expand its reach.

For npm ecosystems, the malware:

  • Accesses OIDC token exchange mechanisms
  • Repackages project tarballs
  • Generates modified package archives
  • Uses Sigstore signing to make malicious artifacts appear legitimate

Stolen credentials are then uploaded to attacker-controlled public GitHub repositories carrying the description:

“Miasma: The Spreading Blight”

OX Security identified the first known commit containing this phrase on May 29, 2026, suggesting that the campaign may have started around that time or was undergoing testing before broader deployment.

GitHub Workflow Manipulation

The malware also targets GitHub repositories by:

  • Enumerating repositories writable by compromised tokens
  • Reading GitHub Actions workflow files
  • Injecting malicious workflows through GitHub GraphQL APIs
  • Creating commits that appear verified and cryptographically signed

These actions enable attackers to compromise software development pipelines while maintaining an appearance of legitimacy.

Persistence and Privilege Escalation

Researchers discovered several advanced persistence mechanisms embedded within the malware.

These include:

Privilege Escalation

The malware attempts to launch containers that mount host system directories and grant CI/CD runners passwordless sudo access.

Security Tool Detection

Before executing malicious actions, the malware checks for the presence of endpoint protection solutions such as:

  • CrowdStrike
  • SentinelOne
  • Carbon Black
  • StepSecurity Harden-Runner

Developer Environment Persistence

To maintain long-term access, the malware injects persistence hooks into developer tools, including:

  • Anthropic Claude Code session startup settings
  • Visual Studio Code tasks configured to execute automatically whenever a project folder is opened

This allows malicious code to run repeatedly across future development sessions.

Increased Focus on Cloud Identity Theft

Wiz researchers highlighted a major evolution in this latest variant.

While earlier versions primarily targeted secrets and tokens, Miasma now includes dedicated collectors for:

  • Google Cloud Platform (GCP) identities
  • Microsoft Azure identities

The malware attempts to enumerate every cloud identity accessible from the infected machine.

Researchers believe this reflects a strategic shift toward gaining direct access to cloud infrastructure rather than simply stealing credentials.

Unique Encryption Per Infection

Unlike earlier variants, Miasma generates a unique encrypted payload for each compromised system.

This significantly complicates:

  • Malware detection
  • Signature-based identification
  • Campaign tracking
  • Incident response investigations

Possible Initial Compromise

Evidence suggests that the attack may have originated from the compromise of a Red Hat employee’s GitHub account.

Researchers believe the attacker used the compromised account to push malicious orphan commits into two Red Hat Insights repositories, bypassing standard code review processes and enabling malicious code to enter official package releases.

Adding to this theory, threat intelligence company WhiteIntel reported discovering Red Hat GitHub credentials and session cookies within infostealer logs on April 13 and May 15, 2026, potentially providing attackers with the access needed to compromise the employee account.

Recommended Mitigation Steps

Organizations that installed affected package versions should take immediate action:

  1. Isolate impacted systems.
  2. Remove compromised package versions.
  3. Rotate all potentially exposed credentials.
  4. Review GitHub and npm activity logs for suspicious behavior.
  5. Audit environments for persistence artifacts.
  6. Inspect the following files for unauthorized modifications:
    • ~/.claude/settings.json
    • .vscode/tasks.json
    • .github/workflows/codeql.yml
    • .github/setup.js
  7. Strengthen access controls and authentication policies.

Security experts emphasize that simply uninstalling the affected npm packages is not enough.

Because the malware establishes persistence and background execution mechanisms, organizations must conduct thorough forensic investigations to ensure complete removal.

For CI/CD environments, affected workflow runs should be suspended immediately, and any software releases, container images, deployment artifacts, or packages created during the exposure window should be considered potentially compromised.
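As an added illustration of steps 2 and 6 (this is not code from the article or from any of the vendors it cites), the following Node.js functions flag the listed package names in a parsed `package-lock.json` and list VS Code tasks set to run on folder open. The sample inputs, placeholder versions, and the function names `findAffected` and `autoRunTasks` are constructed for the example; the article gives no affected version numbers, so every match needs manual comparison against vendor advisories.

```javascript
// Package names listed in the article. It gives no affected version numbers,
// so every installed version is reported for comparison with vendor advisories.
const AFFECTED = new Set([
  'vulnerabilities-client', 'tsc-transform-imports', 'topological-inventory-client',
  'sources-client', 'rule-components', 'remediations-client', 'rbac-client',
].map((n) => `@redhat-cloud-services/${n}`));

// Walk a parsed package-lock.json. lockfileVersion 2/3 has a flat "packages" map
// keyed by install path; version 1 has nested "dependencies" (no script flag).
function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = path.split('node_modules/').pop();
    if (AFFECTED.has(name)) {
      hits.push({ name, version: meta.version, path, installScript: meta.hasInstallScript === true });
    }
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (AFFECTED.has(name) && !hits.some((h) => h.path === path)) {
        hits.push({ name, version: meta.version, path, installScript: null });
      }
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// VS Code starts a task on folder open when runOptions.runOn is "folderOpen".
function autoRunTasks(tasksJson) {
  return (tasksJson.tasks || [])
    .filter((t) => t.runOptions && t.runOptions.runOn === 'folderOpen')
    .map((t) => ({ label: t.label, command: t.command }));
}

// Constructed sample inputs (not from a real incident; versions are placeholders).
const sampleLock = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app', version: '1.0.0' },
  'node_modules/express': { version: '4.19.2' },
  'node_modules/@redhat-cloud-services/rbac-client': { version: '0.0.0-example', hasInstallScript: true },
  'node_modules/foo/node_modules/@redhat-cloud-services/sources-client': { version: '0.0.0-example' },
} };
const sampleTasks = { version: '2.0.0', tasks: [
  { label: 'build', type: 'shell', command: 'npm run build' },
  { label: 'example-autorun', type: 'shell', command: 'node ./example.js', runOptions: { runOn: 'folderOpen' } },
] };
console.log(findAffected(sampleLock), autoRunTasks(sampleTasks));
```

A real `.vscode/tasks.json` may contain comments, so strip them before `JSON.parse`; an auto-run task is not malicious by itself and should be compared against the repository's history.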

Part of a Growing Supply Chain Threat Trend

The Miasma campaign is the latest in a series of high-profile supply chain attacks targeting the open-source ecosystem.

Recent incidents have impacted projects and organizations including:

  • Aqua Trivy
  • Checkmarx KICS
  • Bitwarden
  • SAP
  • TanStack
  • GitHub
  • Nx Console

Last month, researchers also uncovered the Megalodon campaign, which injected malicious GitHub Actions workflows to steal CI/CD secrets, cloud credentials, and authentication tokens.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that threat actors are increasingly targeting enterprise development infrastructure, including CI/CD pipelines, developer extensions, automation workflows, and cloud-native development environments.

As software supply chain attacks continue to evolve, organizations are being urged to strengthen monitoring, implement least-privilege access controls, and continuously audit development environments for signs of compromise.
