{"id":1457,"date":"2026-06-26T11:43:58","date_gmt":"2026-06-26T11:43:58","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=1457"},"modified":"2026-06-26T11:43:58","modified_gmt":"2026-06-26T11:43:58","slug":"miasma-malware-targets-npm-packages-and-github-actions-in-supply-chain-attack","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=1457","title":{"rendered":"Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack"},"content":{"rendered":"<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a href=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhatZ2Vkvxd086INLXiuhbRJrli5Ao9hoNajbVq-Xr0HVAS70cCzhRBfM78KEusnBPI1sXyAK5tYrKt55U5mTIXCQDAmBzY2e860qtXo4YAlvAnVWHDV3DddKUML1q1g71h97Ke1i-714gv5SaVW9lmaFNtRda5XP1kc20urtc-HzlX5JXwkQv0g_-1VwC3\/s1700-e365\/Miasma.jpg\" style=\"display: block;  text-align: center; clear: left; float: left;\"><\/a><\/div>\n<p>Cybersecurity researchers have flagged yet another evolution of the supply chain attack linked to the Mini Shai-Hulud, Miasma, and Hades malware family that has compromised a new set of npm packages, even as it has propagated to the Go ecosystem.<\/p>\n<p>\u00abThe latest activity includes malicious npm releases affecting LeoPlatform and RStreams packages, GitHub Actions workflow abuse, and a related Go module compromise involving the Verana Blockchain project,\u00bb Socket <a href=\"https:\/\/socket.dev\/blog\/miasma-mini-shai-hulud-hits-leoplatform-npm-packages-go-ecosystem\">said<\/a>.<\/p>\n<p>The end goal of the campaign, as before, is to harvest developer or maintainer credentials and weaponize the stolen data to spread across package registries, repositories, and trusted developer workflows.<\/p>\n<div class=\"dog_two clear\">\n<div class=\"cf\"><a href=\"https:\/\/thehackernews.uk\/ai-cant-stop-d\" rel=\"nofollow noopener sponsored\" target=\"_blank\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"Cybersecurity\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjPEV6-530TOlxG6PjrmdlY623wpBwduZ7t1HV6flcmO5R4q4AmfixDUzW0CrhlvMVNWbhvOIso-UDNTka4W_W9Chrdj_dglwBZwi7DuePM2IMIl-hfUYVIqBXgfpr_2619K8Gptb4LzwJ6gUbi7lWl2M8AFQJsHEaw63Q7tZ6708YGruiHrr0Y2W9YYxLQ\/s728-e100\/ThreatLocker-d.png\" width=\"729\" height=\"91\"\/><\/a><\/div>\n<\/div>\n<p>The list of affected packages is below &#8211;<\/p>\n<ul>\n<li>hexo-deployer-wrangler@1.0.4<\/li>\n<li>hexo-shoka-swiper@0.1.10<\/li>\n<li>leo-auth@4.0.6<\/li>\n<li>leo-aws@2.0.4<\/li>\n<li>leo-cache@1.0.2<\/li>\n<li>leo-cdk-lib@0.0.2<\/li>\n<li>leo-cli@3.0.3<\/li>\n<li>leo-config@1.1.1<\/li>\n<li>leo-connector-elasticsearch@2.0.6<\/li>\n<li>leo-connector-mongo@3.0.8<\/li>\n<li>leo-connector-mysql@3.0.3<\/li>\n<li>leo-connector-oracle@2.0.1<\/li>\n<li>leo-connector-redshift@3.0.6<\/li>\n<li>leo-cron@2.0.2<\/li>\n<li>leo-logger@1.0.8<\/li>\n<li>leo-sdk@6.0.19<\/li>\n<li>leo-streams@2.0.1<\/li>\n<li>prism-silq@1.0.1<\/li>\n<li>rstreams-metrics@2.0.2<\/li>\n<li>rstreams-shard-util@1.0.1<\/li>\n<li>serverless-convention@2.0.4<\/li>\n<li>serverless-leo@3.0.14<\/li>\n<li>solo-nav@1.0.1<\/li>\n<li>github.com\/verana-labs\/verana-blockchain@v0.10.1-dev.20 (Go)<\/li>\n<\/ul>\n<p>It&#8217;s suspected that an npm developer account associated with the LeoPlatform (\u00ab<a href=\"https:\/\/www.npmjs.com\/~czirker\">czirker<\/a>\u00ab) was breached, likely via leaked credentials, to enable the attack, allowing the threat actors to <a href=\"https:\/\/www.stepsecurity.io\/blog\/mass-npm-supply-chain-attack-20-leo-platform-packages-compromised\">leverage<\/a> an <a href=\"https:\/\/safedep.io\/miasma-worm-hits-leoplatform-20-npm-packages\/\">npm token<\/a> belonging to the maintainer to push trojanized versions within a six-second window.<\/p>\n<p><a name=\"more\"\/><\/p>\n<p>The new wave leverages many of the tactics observed in prior campaigns, including npm registry poisoning, binding.gyp install-time execution, Bun-staged JavaScript malware, GitHub dead-drop infrastructure, GitHub Actions secret theft, IDE and AI coding assistant persistence, and encrypted credential exfiltration.<\/p>\n<div class=\"separator\" style=\"clear: both;\"><a href=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiNRDAAjjSxDlvfsoFDhsD1KWp8OjZNAzHwPhuQEp0ns-_YWkv60lhlUq9Sc4qc7tzkO05ZCjem9J9PPo5rCvpdv-L8tmkJjOKzk1Zo8n4hhHaZO8ntOHwqG2euKrZiLmMlE9hsylXm3V_eWvYubBXOXsgnJTMmObJ39xzVJGdgfOn-PMFccDDdcir7u48r\/s1700-e365\/flow.png\" style=\"clear: left; display: block; float: left;  text-align: center;\"><img decoding=\"async\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiNRDAAjjSxDlvfsoFDhsD1KWp8OjZNAzHwPhuQEp0ns-_YWkv60lhlUq9Sc4qc7tzkO05ZCjem9J9PPo5rCvpdv-L8tmkJjOKzk1Zo8n4hhHaZO8ntOHwqG2euKrZiLmMlE9hsylXm3V_eWvYubBXOXsgnJTMmObJ39xzVJGdgfOn-PMFccDDdcir7u48r\/s1700-e365\/flow.png\" alt=\"\" border=\"0\" data-original-height=\"602\" data-original-width=\"1462\"\/><\/a><\/div>\n<p>The malicious npm packages, while lacking a lifecycle hook typically added to the package.json file, incorporates a binding.gyp file to execute arbitrary code during installation, resulting in the launch of a JavaScript loader that downloads and installs the Bun runtime if not present, and then initiate the stealer payload responsible for harvesting secrets, credentials, and tokens.<\/p>\n<p>The malware, besides featuring a Russian locale killswitch and checking for the presence of endpoint security software, drops a workflow named \u00abRun Copilot\u00bb to capture CI\/CD environment secrets from the runner memory. The information is then uploaded to a public GitHub repository with description \u00abAlright Lets See If This Works.\u00bb As of writing, there are <a href=\"https:\/\/github.com\/search?q=%22Alright+Lets+See+If+This+Works%22&amp;type=repositories&amp;s=updated&amp;o=desc\">559 repositories<\/a> matching the description.<\/p>\n<p>The token relay marker has also <a href=\"https:\/\/research.jfrog.com\/post\/shai-hulud-miasma-alright-lets-see-if-this-works\/\">witnessed<\/a> a change in the latest iteration. While earlier waves used strings like \u00abIfYouInvalidateThisTokenItWillNukeTheComputerOfTheOwner,\u00bb the current artifact uses \u00abRevokeAndItGoesKaboom,\u00bb a string that has been used as GitHub dead drop resolver in connection with the recent compromise of the \u00abcodfish\/semantic-release-action\u00bb GitHub Action.<\/p>\n<div class=\"separator\" style=\"clear: both;\"><a href=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEj6cxKv_kWyF4xPaaMnRuhHsb4PO9JlojZYTsh0YbK29gcqORc5VjQSQVJk2U4iiY28HlWfcnOnP0RTzalRODMpgT2vtGzHBezJRmnuULGL7yf-cSkX_-6Bl2vBoq7oOTnrvSVIm_3cHHhqYMs221IiHPe2f-gqQu21yotecBIbaaQEJjCkPULE9cIVrB9u\/s1700-e365\/leo.jpg\" style=\"clear: left; display: block; float: left;  text-align: center;\"><img decoding=\"async\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEj6cxKv_kWyF4xPaaMnRuhHsb4PO9JlojZYTsh0YbK29gcqORc5VjQSQVJk2U4iiY28HlWfcnOnP0RTzalRODMpgT2vtGzHBezJRmnuULGL7yf-cSkX_-6Bl2vBoq7oOTnrvSVIm_3cHHhqYMs221IiHPe2f-gqQu21yotecBIbaaQEJjCkPULE9cIVrB9u\/s1700-e365\/leo.jpg\" alt=\"\" border=\"0\" data-original-height=\"854\" data-original-width=\"1484\"\/><\/a><\/div>\n<p>\u00abOn June 24, 2026 at 15:39:06 UTC, an attacker force-pushed a malicious commit to codfish\/semantic-release-action and redirected several version tags to point at the malicious commit,\u00bb StepSecurity <a href=\"https:\/\/www.stepsecurity.io\/blog\/supply-chain-compromise-codfish-semantic-release-action\">said<\/a>.<\/p>\n<p>\u00abAny workflow that ran against one of these tags after that timestamp executed the attacker&#8217;s payload directly inside the GitHub Actions runner. The payload steals GitHub OIDC tokens, harvests Personal Access Tokens matching known GitHub token patterns, encrypts the collected material with AES-128-GCM, and attempts to propagate a backdoor into other repositories accessible with the stolen credentials.\u00bb<\/p>\n<div class=\"dog_two clear\">\n<div class=\"cf\"><a href=\"https:\/\/thehackernews.uk\/vpn-threat-report-m\" rel=\"nofollow noopener sponsored\" target=\"_blank\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"Cybersecurity\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhFlTC7RrRZGiFAgASS0noWSL0qsQGFVp8-Hvuw9yp3X3VKRuTcb5SsPX09wJzrdIM6pu1_5lS4EeZp7Sx4iYBpNJkrGnpr08yyaS1HQ5_5TxaCsP6O0OtHNuOkesn6CbNjao1GPulCJk-uljYMSfMZfBYNrngpe669t7jlRn1FqiEnXhsFD1WVkpaYIVgh\/s728-e100\/ai-d.jpg\" width=\"729\" height=\"91\"\/><\/a><\/div>\n<\/div>\n<p>This indicates that all these events are linked to the same operational cluster or tooling lineage. According to <a href=\"https:\/\/www.endorlabs.com\/learn\/shai-hulud-strikes-leo-platform-npm\">Endor Labs<\/a> and <a href=\"https:\/\/www.ox.security\/blog\/alright-lets-see-if-this-works-shai-hulud-miasma-hades-variant-spreads-on-npm\/\">OX Security<\/a>, the malware also polls GitHub every hour for commits matching the string \u00abfiredalazer\u00bb to retrieve and execute the Hades variant of the malware.<\/p>\n<p>\u00abThe Leo\/RStreams package set is tied to cloud-native and serverless workloads,\u00bb JFrog said. \u00abA compromise here can expose developer workstations, CI\/CD systems, AWS-backed applications, GitHub repositories, package publishing credentials, and downstream package consumers.\u00bb<\/p>\n<div class=\"separator\" style=\"clear: both;\"><a href=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh7tlOG3GqhR-bw1ybjzgmWKFpwMoaJ1rxrPamF2WYhKP3rAAU_pjieXbCkwAi5iizof7vsk6tnvnvo4B-sJBcsQJwoNO4d53oejY4i_4mt9vlwyVh8W-cUr-8oKyzeX3zxfGnEgrIL45AVbcaaDgKCSsZpftynDuMMNei1YEvlAQsq0CiUWZIaT1D924Ci\/s1700-e365\/ox.jpg\" style=\"display: block;  text-align: center; clear: left; float: left;\"><img decoding=\"async\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh7tlOG3GqhR-bw1ybjzgmWKFpwMoaJ1rxrPamF2WYhKP3rAAU_pjieXbCkwAi5iizof7vsk6tnvnvo4B-sJBcsQJwoNO4d53oejY4i_4mt9vlwyVh8W-cUr-8oKyzeX3zxfGnEgrIL45AVbcaaDgKCSsZpftynDuMMNei1YEvlAQsq0CiUWZIaT1D924Ci\/s1700-e365\/ox.jpg\" alt=\"\" border=\"0\" data-original-height=\"2044\" data-original-width=\"2048\"\/><\/a><\/div>\n<p>\u00abThe notable story is not that the payload is radically new. It is that Shai-Hulud continues to move across legitimate package ecosystems while changing just enough indicators to make stale detections less effective.\u00bb<\/p>\n<p>What&#8217;s more, the poisoning of the Verana GitHub expands the scope of the campaign beyond npm. That having said, the attack employs the same Miasma execution pattern observed in malicious npm packages without relying on native Go module resolution or build logic.<\/p>\n<p>\u00abUnlike the npm packages, this sample does not rely on binding.gyp,\u00bb Socket explained. \u00abThe risk is source-repository execution: a developer who clones or opens the repository in a trusted IDE or AI coding assistant environment may trigger the payload through project configuration.\u00bb<\/p>\n<p>\u00abThis reinforces the larger campaign theme: Miasma is moving across package ecosystems by targeting developer workflows, not just package-manager install hooks.\u00bb<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity researchers have flagged yet another evolution of the supply chain attack linked to the Mini Shai-Hulud, Miasma, and Hades malware family that has compromised a new set of npm&hellip;<\/p>\n","protected":false},"author":1,"featured_media":1458,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[802,220,219,71,42,1856,39,35,218,78],"class_list":["post-1457","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-actions","tag-attack","tag-chain","tag-github","tag-malware","tag-miasma","tag-npm","tag-packages","tag-supply","tag-targets"],"_links":{"self":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/1457","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1457"}],"version-history":[{"count":0,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/1457\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/media\/1458"}],"wp:attachment":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1457"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1457"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1457"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}