“Miasma” Campaign Compromises Popular Red Hat npm Packages to Target CI/CD Pipelines, Cloud Credentials, and Developer Systems

Severity: Critical

Executive Summary

Large-Scale npm Supply Chain Attack Targets Developers and CI/CD Infrastructure

Security researchers have uncovered a dangerous software supply chain attack campaign called Miasma, which compromised multiple Red Hat-related npm packages to steal credentials, cloud secrets, and developer data.

The campaign uses tactics similar to the previously known “Mini Shai-Hulud” malware family. However, this new version introduces stronger persistence mechanisms, encrypted payloads, and advanced cloud identity collection capabilities.

Researchers confirmed that the malware targets:

• GitHub Actions secrets
• npm authentication tokens
• Kubernetes credentials
• Cloud access keys
• SSH keys
• CI/CD pipelines
• Developer workstations

In addition, the malware can spread itself automatically by abusing compromised GitHub repositories and software development workflows.

Attack Overview

Malicious npm Packages Distributed Through Trusted Red Hat Namespaces

Attackers injected malicious code into several compromised npm packages associated with the @redhat-cloud-services namespace.

Affected packages include:

• @redhat-cloud-services/vulnerabilities-client
• @redhat-cloud-services/tsc-transform-imports
• @redhat-cloud-services/topological-inventory-client
• @redhat-cloud-services/sources-client
• @redhat-cloud-services/rule-components
• @redhat-cloud-services/remediations-client
• @redhat-cloud-services/rbac-client

Because developers trusted these packages, the malware gained access to sensitive environments during installation.

How the Malware Works

Credential Theft and Self-Spreading Capabilities

Researchers discovered that the malicious packages contained heavily obfuscated preinstall scripts.

Once executed, the malware immediately searched infected systems for:

• GitHub tokens
• Cloud credentials
• Kubernetes secrets
• Vault tokens
• Git credentials
• SSH private keys
• npm authentication tokens

After collecting the data, the malware encrypted the information and sent it to attacker-controlled infrastructure.

Furthermore, the malware abused GitHub APIs to inject malicious workflows into repositories, helping the infection spread to additional projects and CI/CD pipelines.

Advanced Persistence Techniques

Malware Survives Beyond Package Removal

Unlike traditional npm malware, Miasma establishes persistence mechanisms that continue operating even after developers remove the malicious package.

Researchers identified several persistence methods, including:

• Malicious Visual Studio Code tasks (tasks.json)
• Injected GitHub workflows
• Background execution hooks for developer tools
• Modified Claude AI settings files
• Automated malware execution during project startup

As a result, simply deleting node_modules does not fully remove the threat.

Cloud & CI/CD Risks

Attackers Focus on Enterprise Development Environments

The latest Miasma variant places heavy emphasis on cloud identity theft and CI/CD compromise.

Researchers observed collection activity targeting:

• Google Cloud Platform (GCP) identities
• Azure identities
• GitHub Actions workflows
• Sigstore signing systems
• Build pipeline credentials

Moreover, the malware attempted privilege escalation by launching containers capable of modifying host sudo configurations.

This behavior significantly increases the risk of:

• Supply chain compromise
• Unauthorized deployments
• Artifact poisoning
• Credential theft
• Enterprise cloud breaches

Evasion & Anti-Analysis Features

Malware Avoids Detection and Security Tools

To reduce detection, the malware includes advanced anti-analysis functionality.

For example, it checks for:

• CrowdStrike
• SentinelOne
• Carbon Black
• StepSecurity Harden-Runner

Additionally, the malware avoids execution on Russian-language systems, a behavior commonly observed in several modern cybercrime operations.

Researchers also noted that every infection generates a unique encrypted payload, making detection and tracking more difficult.

Initial Compromise

Researchers Suspect Compromised Red Hat GitHub Account

Current evidence suggests that attackers initially compromised a Red Hat employee’s GitHub account.

The attackers then pushed malicious orphan commits into trusted repositories, allowing the malware to bypass normal code review processes.

Threat intelligence researchers later discovered Red Hat credentials and session cookies inside infostealer logs dating back to April and May 2026.

Recommended Actions

Immediate Mitigation Steps

01 — Remove Malicious Package Versions

Identify and remove all affected npm package versions immediately.

02 — Rotate Credentials

Reset GitHub tokens, cloud credentials, SSH keys, npm tokens, and API secrets that may have been exposed.

03 — Isolate Affected Systems

Disconnect infected developer workstations and CI/CD runners from production environments.

04 — Review Persistence Artifacts

Audit systems for malicious modifications involving:

• .github/workflows/
• .vscode/tasks.json
• ~/.claude/settings.json
• setup.js files

05 — Investigate Build Pipelines

Review build artifacts, deployment workflows, and repository changes created during the exposure period.

Strategic Perspective

Software Supply Chain Attacks Continue to Escalate

Modern attackers increasingly target trusted development ecosystems because a single compromised package can impact thousands of downstream systems.

At the same time, CI/CD pipelines and cloud-native environments provide direct access to production infrastructure, secrets, and deployment systems.

This campaign also demonstrates how attackers now combine:

• Credential theft
• Supply chain poisoning
• Persistence mechanisms
• Automated propagation
• Cloud identity abuse

CyberShelter strongly recommends implementing strict package verification, runtime monitoring, repository protection controls, and zero-trust access policies across development environments.