Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1794+ Articles
149+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
  1. Home
  2. News
  3. Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack
Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack
NEWS

Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack

The Miasma supply chain malware family — an evolution of Mini Shai-Hulud and linked to the Hades worm — has compromised hundreds of npm packages, abused...

Dylan H.

News Desk

June 26, 2026
6 min read

Cybersecurity researchers are tracking a rapidly evolving supply chain attack campaign tied to the Mini Shai-Hulud, Miasma, and Hades malware family — one that has now compromised hundreds of npm packages, abused GitHub Actions workflows to publish trojanized packages with legitimate provenance attestations, and expanded its reach into the Go ecosystem. As of June 26, 2026, security firm Socket is tracking 448 affected artifacts across npm and PyPI, with the campaign operating continuously since June 1, pivoting delivery mechanisms every 48 to 72 hours.

Campaign Evolution: From Dune to Greek Mythology

The campaign began in April 2026 with two waves carrying Dune-themed naming — "Shai-Hulud: The Third Coming" (April 22) and "Mini Shai-Hulud" (April 29). By May, the threat group TeamPCP — tracked by Mandiant as UNC6780 — launched additional waves that compromised 323 npm packages in the @antv namespace on May 19.

The pivot to Greek mythology arrived in June. Attackers — now possibly including copy-cat actors following the public release of the full worm source code under an MIT license on May 12 — rebranded with repository descriptions reading "Miasma: The Spreading Blight" and "Hades - The End for the Damned." The source code release is a significant inflection point: what was once a private actor capability became reusable public attack infrastructure overnight, complicating attribution for subsequent waves.

The Latest Wave: Compromised Accounts and Trusted Pipelines

The June 1 wave exploited a compromised Red Hat employee GitHub account to push malicious orphan commits across multiple @redhat-cloud-services npm namespace packages. The attacker triggered GitHub Actions workflows to request OpenID Connect (OIDC) tokens, which were then used to publish trojanized npm packages bearing valid SLSA provenance attestations — effectively laundering malicious packages through trusted supply chain verification infrastructure.

Between June 5 and 7, the campaign crossed into enterprise territory. A recompromised contributor account pushed a malicious commit into Microsoft's Azure/durabletask GitHub repository, planting configuration files designed to execute a credential-harvesting payload the moment a developer opens the repository in Claude Code, Gemini CLI, Cursor, or VS Code. GitHub's automated enforcement responded by disabling 73 repositories across four Microsoft GitHub organizations in a 105-second sweep — including Azure/functions-action, the official GitHub Action for deploying Azure Functions, which went dark and broke CI/CD pipelines globally.

The most recent wave of malicious npm releases was published in a tight window on June 24, 2026, targeting LeoPlatform and RStreams packages tied to cloud-native and serverless workloads.

"Phantom Gyp": Bypassing Install-Script Security Checks

The current wave employs a novel evasion technique dubbed "Phantom Gyp" by StepSecurity researchers. Rather than using preinstall or postinstall lifecycle hooks — which security tools actively monitor — the attacker abuses a 157-byte binding.gyp file to trigger code execution during npm install. The file causes node-gyp rebuild to run, a legitimate build tool for compiling native Node.js add-ons. By hiding malicious commands inside the binding.gyp configuration rather than package lifecycle scripts, the attack bypasses most install-script security checks entirely.

The execution chain continues with Bun-staged malware: if Bun is not present on the system, the malware attempts to download it and runs the main payload via bun run. This exploits the fact that many Node.js security hooks and runtime controls do not inspect Bun execution with the same depth as Node itself.

The payload itself layers obfuscation:

  1. A Caesar-style letter shift with immediate eval() execution
  2. Decryption of embedded AES-GCM payloads
  3. JavaScript-obfuscator-style string hiding with lookup tables

Credential Exfiltration via GitHub Dead-Drops

The exfiltration infrastructure traces to the GitHub account liuende501, which hosts 236 repositories used as credential dead-drops. The malware creates a new repository on the fly (e.g., nemean-hydra-34343) and uploads stolen credentials as encrypted JSON files to a results/ directory. Critically, Miasma generates a uniquely encrypted payload for each individual infection, making traditional hash-based IOCs functionally useless across the campaign — the file signature changes with every package version.

The Hades variant, identified by Endor Labs and OX Security, adds C2 polling: the malware checks GitHub every hour for commits matching the string "firedalazer" to retrieve and execute updated payloads.

Expansion to the Go Ecosystem

The campaign's reach beyond npm is confirmed through the Verana Blockchain Go module compromise, which employs the same Miasma execution pattern without relying on native Go module resolution or build logic. As of June 19, a follow-up hunt identified 1,614 exfiltration repositories across 21 compromised GitHub accounts — a significant expansion of the campaign's credential-harvesting infrastructure.

Impact and Scale

MetricCount
Affected npm artifacts tracked by Socket411 (across 106 packages)
New PyPI wheels37
Total artifacts tracked448
Microsoft GitHub repos disabled73
Exfiltration repos (June 19 hunt)1,614
Compromised GitHub accounts (June 19)21

As JFrog noted, the LeoPlatform and RStreams package sets are tied to cloud-native and serverless workloads: "A compromise here can expose developer workstations, CI/CD systems, AWS-backed applications, GitHub repositories, package publishing credentials, and downstream package consumers."

Perhaps most concerning: the campaign has operated across multiple ecosystems with zero CVEs assigned for any artifact in the entire campaign. There is no patch to apply — only vigilance.

Recommended Mitigations

  • Audit your node_modules for the presence of binding.gyp files in unexpected packages — particularly packages that do not require native compilation.
  • Review GitHub Actions workflows for unexpected OIDC token requests or permissions not explicitly required.
  • Enable npm package provenance verification, but understand that Miasma has demonstrated the ability to bypass SLSA provenance through compromised publisher accounts.
  • Monitor for Bun execution in CI/CD environments where Bun is not an expected runtime.
  • Check for IoCs: search GitHub Activity logs for references to liuende501 or repository patterns like nemean-hydra-*.
  • Use StepSecurity Harden-Runner or similar tools to detect anomalous outbound network connections from GitHub Actions workflows.
  • Pin GitHub Actions to commit SHAs rather than mutable tags to prevent hijacked action execution (e.g., uses: Azure/functions-action@<sha> instead of @v1).

References

  • The Hacker News: Miasma Malware Targets npm and GitHub Actions
  • Socket: Miasma Mini Shai-Hulud hits LeoPlatform and Go ecosystem
  • StepSecurity: Phantom Gyp supply chain attack
  • Sonatype: New Shai-Hulud Miasma Wave
  • Zscaler ThreatLabz: Shai-Hulud campaign evolution
#Malware#Supply Chain#npm#GitHub Actions#Open Source Security

Related Articles

North Korean Hackers Target Open Source Developers in Supply Chain Attacks

The PolinRider campaign has compromised more than 100 legitimate open source packages and repositories to deliver a backdoor and information stealer targeting developers worldwide.

5 min read

North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets

JFrog researchers attribute a fresh npm supply chain campaign to North Korea's Lazarus Group. Malicious packages impersonating Rollup polyfill tooling...

4 min read

Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer

Attackers poisoned at least 18 npm and Go packages with a novel technique: hiding malware in .vscode/tasks.json auto-run tasks, bypassing npm v12's...

4 min read
Back to all News