Listen to this Post
Introduction: A Trusted Development Ecosystem Turned Into an Attack Vector
Software supply chain attacks continue to evolve at an alarming pace, and the latest compromise involving multiple @asyncapi npm packages demonstrates just how dangerous these attacks have become. Instead of exploiting users directly, threat actors infiltrated trusted open source components that thousands of developers rely on every day. Once integrated into development workflows, these poisoned packages quietly deployed a sophisticated malware framework capable of persistence, credential theft, lateral movement, and remote command execution.
Unlike traditional npm malware that activates during installation, this campaign remained hidden until the compromised libraries were actually loaded by Node.js. That subtle difference significantly reduced suspicion while increasing the chances of successful infection inside developer machines and CI/CD environments.
Security researchers from OX Security, SafeDep, Socket, and StepSecurity independently analyzed the campaign, revealing one of the most technically advanced npm supply chain attacks observed this year.
Summary: Four AsyncAPI npm Packages Were Weaponized
Researchers discovered that four official packages within the @asyncapi namespace had been compromised and were distributing a highly sophisticated multi-stage malware loader.
The affected versions include:
@asyncapi/[email protected]
@asyncapi/[email protected]
@asyncapi/[email protected]
@asyncapi/specs versions 6.11.2 and 6.11.2-alpha.1
Rather than immediately executing malicious code during installation, the compromised packages waited until developers actually used the affected libraries. Once loaded by Node.js, an obfuscated JavaScript implant silently executed in the background, downloaded additional encrypted payloads from IPFS, and ultimately deployed an advanced malware framework internally known as Miasma.
Although its name resembles previous malware campaigns, researchers confirmed that this framework is technically different from earlier Miasma or Shai-Hulud operations.
How the Attack Begins
The attack starts with malicious JavaScript hidden inside the legitimate package source code.
Instead of obvious installation scripts, attackers injected a concealed loader directly into the application logic. As soon as the vulnerable module is imported using require(), the malicious code activates.
This design is particularly dangerous because most automated security scanners focus on preinstall or postinstall scripts. Since none were present, many traditional detection methods would completely overlook the infection.
The implant immediately launches a detached Node.js process that continues operating independently from the application itself.
The Second Stage: Downloading Malware Through IPFS
After execution, the first-stage loader connects to the InterPlanetary File System (IPFS) instead of a traditional malware server.
Using decentralized infrastructure offers several advantages for attackers:
Increased resilience against takedowns
Difficult attribution
Better availability
Reduced dependence on centralized hosting
The malware downloads an encrypted JavaScript component named sync.js, stores it in operating system-specific directories, and executes it without requiring further interaction.
This second-stage payload serves as the bridge toward the full malware platform.
Inside the Miasma Malware Framework
The downloaded payload decrypts into an extensive malware ecosystem called Miasma.
Researchers found that it contains 744 bundled modules, making it significantly larger and more capable than conventional information stealers.
Instead of performing only one task, Miasma behaves as a complete command framework capable of receiving instructions from multiple communication channels simultaneously.
Supported command-and-control mechanisms include:
Traditional HTTP
Nostr Relay
IPFS
BitTorrent DHT
libp2p GossipSub mesh
Ethereum Smart Contracts
This decentralized communication architecture allows the malware to remain operational even if one infrastructure component is disrupted.
Capabilities Beyond Credential Theft
While credential theft remains one objective, Miasma goes far beyond stealing usernames and passwords.
Researchers documented functionality that enables:
Browser credential collection
AI development tool poisoning
Local network reconnaissance
Lateral movement across internal systems
Worm-like propagation
npm registry abuse
PyPI package propagation
Cargo ecosystem infection
Remote shell execution
File management
Payload updates
Encrypted command execution
These capabilities transform the malware into a modular post-exploitation framework capable of expanding throughout software development environments.
Persistence Across Every Major Operating System
To ensure long-term access, Miasma installs multiple persistence mechanisms depending on the operating system.
Linux systems receive:
systemd services
Cron jobs
macOS receives:
launchd agents
Windows systems receive:
Registry autorun entries
Even after system reboots, the malware automatically restarts itself without user interaction.
Built-In Anti-Analysis Features
The malware demonstrates a high level of operational maturity by actively avoiding security researchers.
It checks for:
Virtual machines
Sandboxes
Security analysis environments
Russian language systems
Enterprise security software
Security products specifically targeted include:
CrowdStrike
Microsoft Defender
SentinelOne
Carbon Black
Cylance
Osquery
Tanium
Qualys
If these environments are detected, execution may stop entirely to reduce forensic visibility.
The Dead
One particularly unusual feature is the malware’s built-in dead man’s switch.
The malware continuously monitors a stolen authentication token.
If that token becomes invalid or revoked, the malware can automatically trigger destructive cleanup routines, including wiping directories that may contain operational data.
This feature helps attackers destroy evidence if access is lost.
REST-Based Command Infrastructure
Although the malware supports numerous decentralized communication channels, researchers concluded that its primary operational pathway remains conventional HTTP communication.
The infected machine periodically contacts a remote REST endpoint, receives encrypted commands, executes them locally, and sends encrypted responses back to attacker-controlled infrastructure.
Additional modules support:
Secure payload encryption
Command authentication
Node identity signing
Dynamic malware updates
Remote file operations
Persistence deployment
The framework behaves much like a professional remote administration platform rather than ordinary malware.
How the Attackers Compromised AsyncAPI
Perhaps the most alarming aspect of this incident is how the malicious packages reached npm.
Researchers determined the attackers did not steal npm publishing credentials.
Instead, they compromised repository push access.
Once they gained commit permissions, they submitted malicious code that automatically passed through the project’s legitimate GitHub Actions release workflow.
Because GitHub OIDC Trusted Publisher integration handled package publishing, every malicious release received authentic provenance signatures.
In other words, the packages appeared completely legitimate.
Why Provenance Alone
Modern software supply chain security increasingly relies on provenance verification technologies like SLSA.
However, this attack exposed an important limitation.
Provenance successfully verified that the package originated from the project’s authorized CI/CD pipeline.
It did not verify whether the commits entering that pipeline were themselves trustworthy.
If an attacker compromises repository write access, legitimate pipelines will faithfully publish malicious software.
This incident reinforces an important lesson: provenance validates build integrity, not developer identity.
Response From Security Researchers
Security teams quickly coordinated their findings after detecting unusual package behavior.
Researchers emphasized that the attack represents a CI/CD compromise rather than a compromised npm maintainer account.
Once confirmed, the malicious package versions were removed from the npm registry.
However, removing packages from npm does not eliminate infections already deployed inside developer workstations or enterprise build environments.
Organizations that executed any affected version should assume potential compromise until proven otherwise.
Recommended Immediate Actions
Organizations should immediately:
Identify every system that imported the affected package versions.
Perform forensic analysis on developer workstations.
Inspect outbound connections to unexpected IPFS gateways.
Rotate credentials stored on potentially compromised machines.
Review GitHub repository access permissions.
Audit CI/CD workflows.
Verify package integrity before future deployments.
Monitor for unusual Node.js background processes.
Review persistence mechanisms across Windows, Linux, and macOS.
Strengthen repository authentication with hardware-backed MFA.
What Undercode Say:
This incident is a textbook example of why software supply chain security can no longer rely on package signatures alone.
The attackers
They
They
Instead, they targeted trust.
By compromising repository push access, they weaponized the legitimate release process itself.
That makes this campaign especially dangerous.
Traditional security assumes malicious code comes from unauthorized publishers.
Here, everything looked authorized.
Every signature appeared valid.
Every workflow executed exactly as designed.
The CI/CD pipeline behaved correctly.
The repository did not.
This exposes a growing blind spot across the software industry.
Organizations often invest heavily in artifact signing while overlooking repository governance.
Repository write permissions have become one of the highest-value targets for advanced threat actors.
Another interesting observation is the malware architecture itself.
Using IPFS, BitTorrent DHT, Ethereum, Nostr, and libp2p together creates remarkable resilience.
Even if investigators disable one communication method, the malware can simply migrate to another.
This represents a shift from centralized botnets toward decentralized command infrastructure.
The malware also demonstrates careful operational security.
Avoiding Russian-language systems suggests geopolitical awareness.
Checking for enterprise security tools indicates the operators expect professional incident response.
The dead
Destroying evidence after token revocation reduces forensic opportunities.
Developers should also reconsider the assumption that “npm install” is the dangerous phase.
This campaign activated during runtime instead.
Static scanners focusing exclusively on install hooks would likely miss the compromise entirely.
Future supply chain defenses should include runtime behavior monitoring.
Behavioral detection is becoming more important than signature-based scanning.
Organizations should continuously monitor Node.js processes, outbound network behavior, unexpected child processes, and persistence creation.
Repository security deserves equal attention.
Mandatory code reviews, branch protection, signed commits, least-privilege repository access, hardware security keys, and continuous Git audit logging should become standard practice.
Supply chain attacks are no longer rare events.
They are becoming one of the primary methods used to compromise enterprise environments.
Developers now represent one of the most valuable attack surfaces in modern cybersecurity.
Deep Analysis
The following commands can assist investigators during incident response.
Check installed npm dependencies
npm ls @asyncapi/generator npm ls @asyncapi/generator-components npm ls @asyncapi/generator-helpers npm ls @asyncapi/specs Search for suspicious Node.js processes
ps aux | grep node pgrep -af node
Look for persistence on Linux
systemctl --user list-unit-files crontab -l ls ~/.config/systemd/user/
Monitor outbound network connections
ss -tulpn netstat -antp lsof -i
Inspect recently modified JavaScript files
find . -type f -name ".js" -mtime -7
Search for hidden persistence artifacts
find / -name "sync.js" 2>/dev/null find ~/.config -type f
Review Git history for unauthorized commits
git log --stat git show git shortlog
Audit GitHub Actions workflows
find .github/workflows -type f cat .github/workflows/.yml
Verify dependency integrity
npm audit npm ci npm cache verify
Collect forensic indicators
journalctl -xe dmesg last history
✅ Multiple security companies, including OX Security, SafeDep, Socket, and StepSecurity, independently confirmed the compromise of specific @asyncapi npm package versions and documented the multi-stage malware behavior.
✅ Researchers verified that the attack abused legitimate GitHub Actions release workflows through compromised repository push access rather than stolen npm publishing tokens, allowing malicious packages to receive valid provenance attestations.
✅ The malicious package versions have been removed from the npm registry, but systems that executed the affected packages should still be treated as potentially compromised because removal from the registry does not remediate existing infections.
Prediction
(+1) Supply chain security will become significantly more repository-centric over the next year.
More organizations will enforce hardware-backed authentication for repository maintainers.
Runtime behavioral monitoring for development environments will become increasingly common alongside traditional package scanning.
Software provenance standards will evolve to include stronger protections around commit authenticity, repository governance, and developer identity verification rather than focusing solely on build integrity.
▶️ Related Video (82% Match):
🕵️📝Let’s dive deep and fact‑check.
🎓 Live Courses & Certifications:
Join Undercode Academy for Verified Certifications
🚀 Request a Custom Project:
Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands
References:
Reported By: thehackernews.com
Extra Source Hub (Possible Sources for article):
https://www.digitaltrends.com
Wikipedia
OpenAi & Undercode AI
Image Source:
Unsplash
Undercode AI DI v2
🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]
📢 Follow UndercodeNews & Stay Tuned:
𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky | 🐘Mastodon | 📺Youtube




