- Four npm packages in the @asyncapi namespace were compromised, distributing a multi-stage botnet loader called Miasma.
- The attack exploited the project’s own GitHub Actions release pipeline, publishing packages with valid provenance attestations without stealing npm tokens.
- The malware supports multiple C2 channels, including IPFS, Nostr relay, and an Ethereum smart contract, and can steal credentials and spread to other registries.
Four compromised npm packages in the @asyncapi namespace distributed a multi-stage botnet loader, according to findings from OX Security, SafeDep, Socket, and StepSecurity. The affected packages include @asyncapi/generator-helpers@1.1.1, @asyncapi/generator-components@0.7.1, @asyncapi/generator@3.3.1, and @asyncapi/specs (versions 6.11.2 and 6.11.2-alpha.1).
The compromised packages deploy an obfuscated first-stage payload that downloads an encrypted second-stage payload, identified as Miasma, from IPFS, according to Socket. The malicious code runs when the infected module is loaded by Node.js, launching a detached background node that downloads and executes malware from “ipfs[.]io/ipfs/QmQobZSp1wRPrpSEQ56qnyq7ecZh5Bg5k1fnjt4SUwwHb9.”
The next-stage payload is an encrypted JavaScript loader named “sync.js,” containing the Miasma tasking framework and a large encrypted blob. The framework bundles 744 modules and supports six independent command-and-control (C2) communication channels using HTTP, Nostr relay, IPFS, BitTorrent DHT, libp2p GossipSub P2P mesh, and an Ethereum smart contract.
Miasma facilitates credential theft, AI tool poisoning, LAN lateral movement, and worm-like propagation on npm, PyPI, and Cargo registries. It sets up persistence mechanisms across systemd, crontab, macOS launchd, and Windows Registry autostart keys.
OX Security’s Moshe Siman Tov Bustan said that although the malware shares similarities with previous Shai-Hulud and Miasma campaigns, “this malware isn’t the same as them, nor is it attributed to the Miasma/Shai-Hulud/TeamPCP campaigns.” It also includes a dead man’s switch that monitors a stolen token and triggers a directory wipe if the token is revoked, while avoiding sandboxes, virtual environments, and systems with Russian language or security tools from vendors like CrowdStrike, SentinelOne, and Microsoft Defender.
According to StepSecurity, the attacker gained push access and used the project’s own legitimate GitHub Actions release pipeline to publish packages with valid OIDC provenance attestations. The supply chain attack did not involve theft of an npm token. Security researcher Rohan Prabhu explained that “both attacks are CI/CD pipeline compromises, not stolen npm tokens or malicious maintainers.” The resulting packages carry legitimate SLSA provenance attestations, proving only that the authorized workflow produced them.
All five malicious versions have since been unpublished from the npm registry. Users are advised to treat any endpoint that imported or executed one of the affected packages as potentially compromised, noting that exposure depends on whether the infected module was loaded during a build or developer workflow.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
