Listen to this Post
Introduction — The Silent Infection Inside Trusted Code
A dangerous new supply chain campaign, tracked as Miasma, has emerged as a highly evolved variant of the Mini Shai-Hulud malware family, striking deep into the npm ecosystem and compromising packages tied to Red Hat cloud services. What makes this incident particularly alarming is not just credential theft, but the transformation of trusted developer infrastructure into a self-propagating worm capable of spreading through CI/CD pipelines, cloud environments, and developer machines without immediate detection.
Security researchers from Microsoft, Wiz, JFrog, and others have confirmed that this attack represents a refined evolution of earlier Shai-Hulud waves. It blends install-time execution, stealthy credential harvesting, encrypted exfiltration channels, and GitHub-based persistence into a unified, adaptive threat model. Attribution remains unclear, especially after cybercrime group TeamPCP reportedly open-sourced related tooling, lowering the barrier for copycat operations and complicating forensic tracing.
Executive Summary — A Supply Chain Worm That Thinks Like Infrastructure
The Miasma campaign begins with seemingly legitimate npm packages under the namespace @redhat-cloud-services, including vulnerability clients, inventory tools, and remediation components. Once installed, malicious preinstall hooks activate silently, extracting sensitive developer artifacts such as GitHub Actions secrets, npm authentication tokens, SSH keys, Kubernetes credentials, Vault secrets, and local configuration files.
The malware does not stop at passive theft. It actively constructs encrypted payloads and transmits them to attacker-controlled infrastructure masquerading as legitimate API endpoints. In some cases, data is exfiltrated through GitHub commits themselves, embedding stolen credentials into repository history. This creates a dual-use infection model: data theft and supply chain poisoning simultaneously.
Researchers from Wiz and OX Security observed that each infection generates a uniquely encrypted payload, making signature-based detection nearly ineffective. Meanwhile, persistence mechanisms target developer environments such as VS Code and Claude-based tooling, ensuring reinfection across sessions.
Compromised Packages — The Entry Points of Infection
The malicious payload was distributed through multiple npm packages tied to Red Hat cloud tooling:
@redhat-cloud-services/vulnerabilities-client
@redhat-cloud-services/tsc-transform-imports
@redhat-cloud-services/topological-inventory-client
@redhat-cloud-services/sources-client
@redhat-cloud-services/rule-components
@redhat-cloud-services/remediations-client
@redhat-cloud-services/rbac-client
Each package carried obfuscated scripts embedded within lifecycle hooks. These scripts executed before installation completion, ensuring that infection occurred before developers even reviewed dependency trees or lockfiles.
Technical Behavior — A Multi-Stage Supply Chain Weapon
Security analysis from JFrog, StepSecurity, and SafeDep revealed that the malware performs structured reconnaissance of developer systems. It enumerates CI/CD environments, extracts environment variables, and specifically targets GitHub Actions workflows and cloud identity tokens.
The payload also attempts to identify defensive tools such as CrowdStrike, SentinelOne, Carbon Black, and hardened CI agents before deciding its execution path. This adaptive behavior suggests an intent to avoid noisy environments and remain dormant until high-value credentials are detected.
Exfiltration Strategy — Encryption, GitHub Abuse, and Fallback Channels
Unlike traditional malware, Miasma uses layered exfiltration routes. Primary stolen data is encrypted and sent to disguised endpoints such as:
api.anthropic[.]com:443/v1/api
If this route fails, GitHub is used as a fallback exfiltration channel. The malware commits encrypted payloads into repositories using structured messages such as:
“IfYouInvalidateThisTokenItWillNukeTheComputerOfTheOwner:”
This not only ensures data persistence but also weaponizes GitHub as a covert command-and-control channel.
Persistence and Propagation — Turning Developer Tools Into Launchpads
Once active, the malware modifies development environments to ensure long-term persistence. It injects:
VS Code tasks.json triggers with folder-open execution
Claude session hooks that automatically re-run payloads
GitHub workflow injections through commit mutations
It also abuses CI/CD pipelines by reading workflow definitions via GraphQL and injecting malicious commits that appear as legitimate, signed updates. This makes detection extremely difficult within enterprise development pipelines.
Cloud Identity Targeting — The Most Dangerous Evolution Yet
A key advancement in this variant is its focus on cloud identity extraction. According to Wiz, the malware now includes collectors for both GCP and Azure identities, expanding beyond traditional secret harvesting.
Instead of merely stealing tokens, it maps identity relationships, permissions, and access scopes. This allows attackers to understand the full blast radius of compromised credentials, effectively turning a single infected developer machine into a cloud-wide reconnaissance node.
Attribution Challenges — Open Source Weaponization of Attack Tools
The origin of Miasma remains uncertain. However, the suspected involvement of TeamPCP, which reportedly open-sourced Shai-Hulud-related tools, has made attribution significantly more complex. By distributing weaponized frameworks publicly, the attack surface has shifted from centralized threat actors to decentralized opportunistic attackers.
Evidence suggests the initial infection vector may have involved a compromised Red Hat employee GitHub account, which was used to push malicious commits into internal repositories without proper review controls.
What Undercode Say:
Supply chain attacks are evolving into autonomous propagation systems rather than simple credential theft tools
CI/CD pipelines are now primary attack surfaces, not secondary targets
Open-source ecosystems amplify both innovation and attack scalability simultaneously
GitHub has effectively become a dual-use infrastructure for both development and exfiltration
Encrypted payload rotation per infection breaks traditional IOC-based detection models
Identity-based cloud targeting indicates a shift from data theft to access persistence
Developer tooling persistence ensures long-term compromise beyond package removal
Attackers are prioritizing stealth over speed, increasing dwell time in systems
AI-assisted developer tools introduce new persistence vectors previously unmonitored
Security tools relying on static signatures are becoming obsolete against adaptive payloads
Supply chain trust assumptions are collapsing under multi-stage infection models
Open-source dependency trees now function as attack distribution graphs
Repository-level compromise enables silent enterprise-wide propagation
CI/CD privilege escalation bypasses traditional endpoint defenses
Cloud identity mapping allows attackers to pivot laterally across services
Multi-channel exfiltration increases resilience against network monitoring
Attacker use of legitimate APIs reduces anomaly detection effectiveness
Developer machines are becoming high-value identity aggregation nodes
Lack of commit review discipline remains a critical systemic weakness
Encrypted GitHub commits blur the line between code and data theft
Supply chain worms are converging with ransomware-like persistence behavior
Endpoint protection bypass checks suggest adaptive reconnaissance layers
Signed commits are no longer reliable indicators of safety
Attackers exploit automation trust in CI/CD systems
Cross-platform targeting increases infection surface exponentially
Redundant exfiltration channels indicate high operational maturity
Identity-first targeting signals cloud-centric attack evolution
Malware blending with developer workflows reduces detection probability
Open-source dependency trust is now a primary security liability
Enterprise security must shift toward behavior-based detection models
❌ Attribution remains uncertain; no confirmed single threat actor has been identified
✅ Multiple security firms confirmed npm preinstall hook-based credential harvesting behavior
❌ Claim of direct control by TeamPCP is unverified, only tool association is suggested
✅ Evidence supports CI/CD targeting and GitHub-based exfiltration mechanisms
❌ Exact scale of infected environments has not been publicly validated
Prediction
(+1) Increased adoption of CI/CD runtime monitoring and identity-aware security systems across enterprise pipelines
(+1) Stronger enforcement of package signing verification and dependency isolation policies
(+1) Expansion of AI-driven anomaly detection for encrypted and behavioral malware patterns
(-1) Continued exploitation of open-source ecosystems due to dependency complexity and slow patch adoption
(-1) Rise of “self-propagating supply chain worms” inspired by Miasma across multiple ecosystems
Deep Analysis — Infrastructure-Level Breakdown
Detect suspicious npm lifecycle scripts npm audit npm ls --all
Inspect preinstall hooks in node modules
grep -R "preinstall" node_modules/
Monitor GitHub Actions secret leakage patterns
cat .github/workflows/.yml | grep -i "secret"
Check VS Code persistence vectors
ls ~/.vscode/ ~/AppData/Roaming/Code/User/
Audit running containers for privilege escalation
docker ps -a docker inspect <container_id>
Scan for unexpected outbound connections
netstat -tulpn | grep ESTABLISHED
Verify npm package integrity
npm install --ignore-scripts
Check CI/CD runner identity exposure
env | grep -E "GITHUB|AWS|AZURE|GCP"
Inspect suspicious git commit signatures
git log --show-signature
Remove compromised dependencies safely
rm -rf node_modules package-lock.json && npm install
🕵️📝Let’s dive deep and fact‑check.
🎓 Live Courses & Certifications:
Join Undercode Academy for Verified Certifications
🚀 Request a Custom Project:
Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands
References:
Reported By: thehackernews.com
Extra Source Hub (Possible Sources for article):
https://www.medium.com
Wikipedia
OpenAi & Undercode AI
Image Source:
Unsplash
Undercode AI DI v2
🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]
📢 Follow UndercodeNews & Stay Tuned:
𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky | 🐘Mastodon | 📺Youtube




