More than 30 npm packages in Red Hat’s ‘@redhat-cloud-services’ namespace were hijacked as part of a supply-chain attack that distributed a new variant of the credential-stealing malware known as Shai-Hulud, given the name “Miasma.”
The breach was uncovered by cybersecurity firms Aikido and OX Security, who discovered that numerous package versions had been injected with malware aimed at pilfering developer credentials, cloud secrets, SSH keys, CI/CD tokens, and additional sensitive data.
Aikido reports that the tampered packages accumulate approximately 117,000 downloads per week.

In a statement provided to BleepingComputer, Red Hat confirmed it pulled the compromised packages upon learning of the breach and clarified that the intrusion was confined exclusively to internal development tools.
“Red Hat is aware of security reports concerning certain npm packages within our development tooling ecosystem. We immediately began an investigation and removed the packages from the npm registry,” Red Hat told BleepingComputer.
“These packages are strictly limited to internal development use, and the malicious code was never distributed to customers through the console.redhat.com system. While our investigation is still underway, we have found no evidence of impact on customer or partner environments, or on Red Hat production systems.”
The company stated it continues to probe the matter but declined to answer questions regarding how the account was breached.
Red Hat packages backdoored through GitHub compromise
Aikido reports that the attackers gained unauthorized access to a Red Hat employee’s GitHub account and leveraged it to push malicious commits into multiple repositories.
These commits introduced a GitHub Actions workflow along with a script that manipulated npm’s publishing process to release backdoored versions of the packages.
“When the workflow runs, it installs Bun and executes _index.js, feeding it a list of target packages through the OIDC_PACKAGES environment variable,” Aikido explained.
“The script leverages the id-token: write permission to obtain a short-lived OIDC token from GitHub, then uses that token to authenticate directly with npm’s trusted publishing endpoint and push tampered versions of every listed package.”
The compromised packages included a malicious ‘preinstall’ script that automatically ran a heavily obfuscated index.js file whenever a developer installed the package.
"scripts": {
"preinstall": "node index.js"
}Aikido noted that the ‘index.js’ payload was roughly 4.2 MB in size and was designed to harvest GitHub Actions secrets, AWS credentials, Google Cloud credentials, Azure service principal credentials, HashiCorp Vault tokens, Kubernetes service account tokens, npm and PyPI publishing tokens, SSH keys, Docker credentials, GPG keys, and `.env` files.
Aikido confirmed that 32 packages comprising 96 individual versions were affected by the attack, spanning numerous client libraries maintained under the `@redhat-cloud-services` namespace.
Any organizations that installed compromised versions are urged to immediately rotate all credentials, secrets, and tokens used by code running on the affected machine.
Miasma appears to be a new Shai-Hulud variant
Over the past several months, there has been a wave of supply-chain attacks using Shai-Hulud malware to exfiltrate credentials and propagate further into other projects.
These campaigns have targeted well-known projects such as Bitwarden, SAP, Mistral, TanStack, OpenAI, and GitHub.
In May, the threat group TeamPCP publicly released the source code for its Mini Shai-Hulud malware framework, effectively making the tool available to other malicious actors.
Researchers report that the malware used in the Red Hat breach shares significant characteristics with Mini Shai-Hulud but now includes the string “Miasma: The Spreading Blight” as comments embedded in compromised GitHub repositories.

Although the malware closely resembles TeamPCP’s Mini Shai-Hulud, it remains unclear whether this campaign was orchestrated by that specific group or by another threat actor who repurposed the leaked source code.
OX Security states that the malware preserves the same credential-harvesting capabilities as Mini Shai-Hulud but incorporates additional obfuscation techniques, multi-stage payload delivery methods, and enhanced data theft and credential-collection features.
As of this writing, 309 GitHub repositories have been compromised by the Miasma malware campaign.
