Critical npm Supply Chain Attack Exposes AsyncAPI Developers to Advanced Multi-Stage Malware Campaign + Video

Listen to this Post

Featured ImageIntroduction: A Trusted Development Ecosystem Turned Into an Attack Vector

Software supply chain attacks continue to evolve at an alarming pace, and the latest compromise involving multiple @asyncapi npm packages demonstrates just how dangerous these attacks have become. Instead of exploiting users directly, threat actors infiltrated trusted open source components that thousands of developers rely on every day. Once integrated into development workflows, these poisoned packages quietly deployed a sophisticated malware framework capable of persistence, credential theft, lateral movement, and remote command execution.

Unlike traditional npm malware that activates during installation, this campaign remained hidden until the compromised libraries were actually loaded by Node.js. That subtle difference significantly reduced suspicion while increasing the chances of successful infection inside developer machines and CI/CD environments.

Security researchers from OX Security, SafeDep, Socket, and StepSecurity independently analyzed the campaign, revealing one of the most technically advanced npm supply chain attacks observed this year.

Summary: Four AsyncAPI npm Packages Were Weaponized

Researchers discovered that four official packages within the @asyncapi namespace had been compromised and were distributing a highly sophisticated multi-stage malware loader.

The affected versions include:

@asyncapi/[email protected]

@asyncapi/[email protected]

@asyncapi/[email protected]

@asyncapi/specs versions 6.11.2 and 6.11.2-alpha.1

Rather than immediately executing malicious code during installation, the compromised packages waited until developers actually used the affected libraries. Once loaded by Node.js, an obfuscated JavaScript implant silently executed in the background, downloaded additional encrypted payloads from IPFS, and ultimately deployed an advanced malware framework internally known as Miasma.

Although its name resembles previous malware campaigns, researchers confirmed that this framework is technically different from earlier Miasma or Shai-Hulud operations.

How the Attack Begins

The attack starts with malicious JavaScript hidden inside the legitimate package source code.

Instead of obvious installation scripts, attackers injected a concealed loader directly into the application logic. As soon as the vulnerable module is imported using require(), the malicious code activates.

This design is particularly dangerous because most automated security scanners focus on preinstall or postinstall scripts. Since none were present, many traditional detection methods would completely overlook the infection.

The implant immediately launches a detached Node.js process that continues operating independently from the application itself.

The Second Stage: Downloading Malware Through IPFS

After execution, the first-stage loader connects to the InterPlanetary File System (IPFS) instead of a traditional malware server.

Using decentralized infrastructure offers several advantages for attackers:

Increased resilience against takedowns

Difficult attribution

Better availability

Reduced dependence on centralized hosting

The malware downloads an encrypted JavaScript component named sync.js, stores it in operating system-specific directories, and executes it without requiring further interaction.

This second-stage payload serves as the bridge toward the full malware platform.

Inside the Miasma Malware Framework

The downloaded payload decrypts into an extensive malware ecosystem called Miasma.

Researchers found that it contains 744 bundled modules, making it significantly larger and more capable than conventional information stealers.

Instead of performing only one task, Miasma behaves as a complete command framework capable of receiving instructions from multiple communication channels simultaneously.

Supported command-and-control mechanisms include:

Traditional HTTP

Nostr Relay

IPFS

BitTorrent DHT

libp2p GossipSub mesh

Ethereum Smart Contracts

This decentralized communication architecture allows the malware to remain operational even if one infrastructure component is disrupted.

Capabilities Beyond Credential Theft

While credential theft remains one objective, Miasma goes far beyond stealing usernames and passwords.

Researchers documented functionality that enables:

Browser credential collection

AI development tool poisoning

Local network reconnaissance

Lateral movement across internal systems

Worm-like propagation

npm registry abuse

PyPI package propagation

Cargo ecosystem infection

Remote shell execution

File management

Payload updates

Encrypted command execution

These capabilities transform the malware into a modular post-exploitation framework capable of expanding throughout software development environments.

Persistence Across Every Major Operating System

To ensure long-term access, Miasma installs multiple persistence mechanisms depending on the operating system.

Linux systems receive:

systemd services

Cron jobs

macOS receives:

launchd agents

Windows systems receive:

Registry autorun entries

Even after system reboots, the malware automatically restarts itself without user interaction.

Built-In Anti-Analysis Features

The malware demonstrates a high level of operational maturity by actively avoiding security researchers.

It checks for:

Virtual machines

Sandboxes

Security analysis environments

Russian language systems

Enterprise security software

Security products specifically targeted include:

CrowdStrike

Microsoft Defender

SentinelOne

Carbon Black

Cylance

Osquery

Tanium

Qualys

If these environments are detected, execution may stop entirely to reduce forensic visibility.

The Dead

One particularly unusual feature is the malware’s built-in dead man’s switch.

The malware continuously monitors a stolen authentication token.

If that token becomes invalid or revoked, the malware can automatically trigger destructive cleanup routines, including wiping directories that may contain operational data.

This feature helps attackers destroy evidence if access is lost.

REST-Based Command Infrastructure

Although the malware supports numerous decentralized communication channels, researchers concluded that its primary operational pathway remains conventional HTTP communication.

The infected machine periodically contacts a remote REST endpoint, receives encrypted commands, executes them locally, and sends encrypted responses back to attacker-controlled infrastructure.

Additional modules support:

Secure payload encryption

Command authentication

Node identity signing

Dynamic malware updates

Remote file operations

Persistence deployment

The framework behaves much like a professional remote administration platform rather than ordinary malware.

How the Attackers Compromised AsyncAPI

Perhaps the most alarming aspect of this incident is how the malicious packages reached npm.

Researchers determined the attackers did not steal npm publishing credentials.

Instead, they compromised repository push access.

Once they gained commit permissions, they submitted malicious code that automatically passed through the project’s legitimate GitHub Actions release workflow.

Because GitHub OIDC Trusted Publisher integration handled package publishing, every malicious release received authentic provenance signatures.

In other words, the packages appeared completely legitimate.

Why Provenance Alone

Modern software supply chain security increasingly relies on provenance verification technologies like SLSA.

However, this attack exposed an important limitation.

Provenance successfully verified that the package originated from the project’s authorized CI/CD pipeline.

It did not verify whether the commits entering that pipeline were themselves trustworthy.

If an attacker compromises repository write access, legitimate pipelines will faithfully publish malicious software.

This incident reinforces an important lesson: provenance validates build integrity, not developer identity.

Response From Security Researchers

Security teams quickly coordinated their findings after detecting unusual package behavior.

Researchers emphasized that the attack represents a CI/CD compromise rather than a compromised npm maintainer account.

Once confirmed, the malicious package versions were removed from the npm registry.

However, removing packages from npm does not eliminate infections already deployed inside developer workstations or enterprise build environments.

Organizations that executed any affected version should assume potential compromise until proven otherwise.

Recommended Immediate Actions

Organizations should immediately:

Identify every system that imported the affected package versions.

Perform forensic analysis on developer workstations.

Inspect outbound connections to unexpected IPFS gateways.

Rotate credentials stored on potentially compromised machines.

Review GitHub repository access permissions.

Audit CI/CD workflows.

Verify package integrity before future deployments.

Monitor for unusual Node.js background processes.

Review persistence mechanisms across Windows, Linux, and macOS.

Strengthen repository authentication with hardware-backed MFA.

What Undercode Say:

This incident is a textbook example of why software supply chain security can no longer rely on package signatures alone.

The attackers

They

They

Instead, they targeted trust.

By compromising repository push access, they weaponized the legitimate release process itself.

That makes this campaign especially dangerous.

Traditional security assumes malicious code comes from unauthorized publishers.

Here, everything looked authorized.

Every signature appeared valid.

Every workflow executed exactly as designed.

The CI/CD pipeline behaved correctly.

The repository did not.

This exposes a growing blind spot across the software industry.

Organizations often invest heavily in artifact signing while overlooking repository governance.

Repository write permissions have become one of the highest-value targets for advanced threat actors.

Another interesting observation is the malware architecture itself.

Using IPFS, BitTorrent DHT, Ethereum, Nostr, and libp2p together creates remarkable resilience.

Even if investigators disable one communication method, the malware can simply migrate to another.

This represents a shift from centralized botnets toward decentralized command infrastructure.

The malware also demonstrates careful operational security.

Avoiding Russian-language systems suggests geopolitical awareness.

Checking for enterprise security tools indicates the operators expect professional incident response.

The dead

Destroying evidence after token revocation reduces forensic opportunities.

Developers should also reconsider the assumption that “npm install” is the dangerous phase.

This campaign activated during runtime instead.

Static scanners focusing exclusively on install hooks would likely miss the compromise entirely.

Future supply chain defenses should include runtime behavior monitoring.

Behavioral detection is becoming more important than signature-based scanning.

Organizations should continuously monitor Node.js processes, outbound network behavior, unexpected child processes, and persistence creation.

Repository security deserves equal attention.

Mandatory code reviews, branch protection, signed commits, least-privilege repository access, hardware security keys, and continuous Git audit logging should become standard practice.

Supply chain attacks are no longer rare events.

They are becoming one of the primary methods used to compromise enterprise environments.

Developers now represent one of the most valuable attack surfaces in modern cybersecurity.

Deep Analysis

The following commands can assist investigators during incident response.

Check installed npm dependencies

npm ls @asyncapi/generator
npm ls @asyncapi/generator-components
npm ls @asyncapi/generator-helpers
npm ls @asyncapi/specs
Search for suspicious Node.js processes
ps aux | grep node
pgrep -af node

Look for persistence on Linux

systemctl --user list-unit-files
crontab -l
ls ~/.config/systemd/user/

Monitor outbound network connections

ss -tulpn
netstat -antp
lsof -i

Inspect recently modified JavaScript files

find . -type f -name ".js" -mtime -7

Search for hidden persistence artifacts

find / -name "sync.js" 2>/dev/null
find ~/.config -type f

Review Git history for unauthorized commits

git log --stat
git show
git shortlog

Audit GitHub Actions workflows

find .github/workflows -type f
cat .github/workflows/.yml

Verify dependency integrity

npm audit
npm ci
npm cache verify

Collect forensic indicators

journalctl -xe
dmesg
last
history

✅ Multiple security companies, including OX Security, SafeDep, Socket, and StepSecurity, independently confirmed the compromise of specific @asyncapi npm package versions and documented the multi-stage malware behavior.

✅ Researchers verified that the attack abused legitimate GitHub Actions release workflows through compromised repository push access rather than stolen npm publishing tokens, allowing malicious packages to receive valid provenance attestations.

✅ The malicious package versions have been removed from the npm registry, but systems that executed the affected packages should still be treated as potentially compromised because removal from the registry does not remediate existing infections.

Prediction

(+1) Supply chain security will become significantly more repository-centric over the next year.

More organizations will enforce hardware-backed authentication for repository maintainers.

Runtime behavioral monitoring for development environments will become increasingly common alongside traditional package scanning.

Software provenance standards will evolve to include stronger protections around commit authenticity, repository governance, and developer identity verification rather than focusing solely on build integrity.

▶️ Related Video (82% Match):

🕵️‍📝Let’s dive deep and fact‑check.

🎓 Live Courses & Certifications:

Join Undercode Academy for Verified Certifications

🚀 Request a Custom Project:

Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands

References:

Reported By: thehackernews.com
Extra Source Hub (Possible Sources for article):
https://www.digitaltrends.com
Wikipedia
OpenAi & Undercode AI

Image Source:

Unsplash
Undercode AI DI v2

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeNews & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky | 🐘Mastodon | 📺Youtube