BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Red Hat npm packages hit by self-propagating Miasma worm

Miasma campaign infects official Red Hat npm packages, stealing credentials to spread a worm.

  • A new supply chain attack campaign called Miasma has compromised multiple official @redhat-cloud-services npm packages.
  • The malware steals credentials and secrets from developer machines to deliver a self-propagating worm.
  • Evidence suggests a Red Hat employee’s GitHub account was the initial point of compromise used to inject the malicious code.

A new Mini Shai-Hulud supply chain attack campaign, codenamed Miasma, has compromised several official @redhat-cloud-services npm packages to steal credentials and deliver a worm. According to Socket, this campaign utilizes the same core tactics of install-time execution and credential harvesting seen in previous attacks.

- Advertisement -

The malware contains an obfuscated preinstall hook designed to collect a wide range of sensitive data. Per analyses from Aikido Security, JFrog, and others, this includes GitHub Actions secrets, npm tokens, cloud credentials, and SSH keys.

Consequently, the attack encrypts and exfiltrates stolen data to an external domain. As SafeDep noted, stolen credentials are sent to attacker-created public GitHub repositories.

Furthermore, the malware establishes persistence by injecting hooks into developer tools like Claude Code and Visual Studio Code. It also attempts to escalate privileges by launching containers that modify the host system.

Attribution is currently difficult because the related attack tools have been open-sourced. This allows other threat actors to conduct similar operations.

- Advertisement -

Evidence suggests the compromise began with a Red Hat employee’s GitHub account. The account was used to push malicious commits directly into repositories.

Security researchers recommend isolating affected hosts and rotating all exposed credentials immediately. They also advise reviewing GitHub and npm activity for any signs of compromise.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Saylor’s ‘Orange Dots’ Signal Fails to Clarify Bitcoin Strategy

Strategy founder Michael Saylor posted a cryptic signal on Sunday, prompting analysts to call...

Crypto’s $2T Crash Awaits BlackRock Shock & FOMO

Bitcoin has stabilized near $60,000 after a downturn erased $2 trillion from the crypto...

Cambridge: Ethereum Energy Intensity Low, Overall Use High

Ethereum consumes roughly 7.87 GWh annually, the second-lowest energy intensity per market value among...

Saylor and Back oppose BIP-110 fork over Bitcoin security fears

Michael Saylor and Adam Back have publicly opposed BIP-110, a temporary Bitcoin fork proposal...

China, India groups target Pakistani police in cyber espionage

Suspected China- and India-aligned threat actors targeted Pakistani law enforcement in a sustained cyber...

Must Read

Tutorial: How to Buy a Domain Name Permanently? (Super Easy)

Are you ready to establish a permanent online presence and you want to buy a domain forever?In this tutorial, we'll show you how to...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading