Miasma: Credential-Stealing Worm Compromises Red Hat npm Namespace.

A credential-stealing worm designated Miasma compromised 32 packages under the @redhat-cloud-services npm namespace on June 1, targeting developer credentials and cloud identities across an install base of roughly 80,000 weekly downloads.

On June 1, 2026, a supply chain attack compromised 32 official packages published under the @redhat-cloud-services npm namespace, injecting a credential-stealing worm that executes automatically during package installation. The campaign, internally designated Miasma, affected 96 specific package versions with a cumulative weekly download count of approximately 80,000. Most malicious versions were revoked within hours of detection. Two remained live as of the close of the four-hour incident window.

The root cause was a compromised Red Hat employee GitHub account. The attacker used it to push orphan commits to three RedHatInsights repositories — frontend-components, javascript-clients, and platform-frontend-ai-toolkit — bypassing code review entirely. Those commits introduced minimal GitHub Actions workflows configured to request OIDC tokens with id-token: write permissions. The workflows ran an obfuscated payload on push to any branch, using the acquired OIDC token to publish backdoored package versions directly to npm with valid SLSA provenance attestations. The attack unfolded in two waves, the first beginning at 10:53 UTC and a second beginning at 13:44 UTC.
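As an added defender-side example (not code from the article, Wiz Research, or Red Hat), the Python check below flags the workflow pattern described above: a job that can request an OIDC token (id-token: write) while the workflow is triggered by push with no branch or tag filter. It assumes each workflow file has already been loaded into a dict, for instance with PyYAML's yaml.safe_load, so the two sample workflows are constructed plain dicts rather than YAML text.

```python
# PyYAML (YAML 1.1) loads the bare key `on:` as the boolean True, so the
# trigger block may sit under either key depending on the loader used.
_TRIGGER_KEYS = ("on", True)

def _id_token_write(perms) -> bool:
    """True if a permissions block grants id-token: write (explicitly or via write-all)."""
    if perms == "write-all":
        return True
    return isinstance(perms, dict) and perms.get("id-token") == "write"

def _push_any_branch(wf: dict) -> bool:
    """True if the workflow runs on push with no branches/tags filter at all."""
    trig = next((wf[k] for k in _TRIGGER_KEYS if k in wf), None)
    if isinstance(trig, str):
        return trig == "push"
    if isinstance(trig, list):
        return "push" in trig
    if isinstance(trig, dict) and "push" in trig:
        push = trig["push"] or {}  # `push:` with no body loads as None
        return not any(k in push for k in ("branches", "tags"))
    return False

def audit_workflow(name: str, wf: dict) -> list[str]:
    """Return one finding per job that can mint an OIDC token; [] if nothing is flagged."""
    findings = []
    top_level = _id_token_write(wf.get("permissions"))
    for job_name, job in (wf.get("jobs") or {}).items():
        job_perms = job.get("permissions")
        # A job-level permissions block replaces the workflow-level one entirely.
        grants = _id_token_write(job_perms) if job_perms is not None else top_level
        if grants and _push_any_branch(wf):
            findings.append(f"{name}:{job_name}: id-token write on unfiltered push")
        elif grants:
            findings.append(f"{name}:{job_name}: id-token write (review trigger)")
    return findings

# Constructed samples (steps omitted; the check reads only permissions and triggers).
# SUSPICIOUS mirrors the pattern described above; BENIGN is a tag-gated release job.
SUSPICIOUS = {
    True: {"push": None},  # `on: push:` as PyYAML loads it
    "permissions": {"contents": "read", "id-token": "write"},
    "jobs": {"publish": {"runs-on": "ubuntu-latest"}},
}
BENIGN = {
    "on": {"push": {"tags": ["v*"]}},
    "jobs": {"publish": {"runs-on": "ubuntu-latest", "permissions": {"id-token": "write"}}},
}

if __name__ == "__main__":
    print(*audit_workflow("build.yml", SUSPICIOUS), *audit_workflow("release.yml", BENIGN), sep="\n")
```

A hit is a prompt to inspect the job, not proof of compromise, and the check cannot see how the workflow file reached the repository; the orphan-commit route described above has to be caught on the branch-protection and audit-log side.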

The injected payload is a variant of the Mini Shai-Hulud malware previously associated with the threat group TeamPCP, which RedPosts covered when the group breached GitHub and Grafana via poisoned developer tooling earlier this year. Thematic references to the Dune universe used in earlier Shai-Hulud variants have been replaced with Greek mythology, but the underlying mechanics are substantially unchanged. Miasma adds two new data collectors not present in prior variants: one targeting GCP identities and one targeting Azure identities, expanding credential harvest scope beyond static secrets to all cloud identities accessible from the infected host. The worm also generates a uniquely encrypted payload per infection, making hash-based detection effective only against a specific compromised version.

On-install execution is handled through a preinstall script that invokes a heavily obfuscated index.js file. The payload exfiltrates GitHub tokens, npm tokens, SSH keys, AWS configurations, and the newly added GCP and Azure identity data to attacker-controlled repositories carrying the description string Miasma: The Spreading Blight. The malware then queries npm for other packages the compromised identity has publish access to and republishes itself to those packages, enabling downstream propagation.

Attribution remains uncertain. Wiz Research, which published the initial incident analysis, notes the tradecraft is consistent with TeamPCP TTPs, but TeamPCP open-sourced the Mini Shai-Hulud tooling on May 12, 2026, along with posts on BreachForums encouraging independent use. That release has complicated attribution for all subsequent campaigns. Threat intelligence firm Whiteintel reported detecting a Red Hat GitHub credential and session cookie in infostealer logs on April 13 and May 15, 2026, suggesting the account compromise predated the June 1 attack by several weeks.

Red Hat confirmed that no official Red Hat products shipped with compromised package versions. Organizations running any of the affected @redhat-cloud-services packages should treat developer workstations, CI/CD environments, and any secrets accessible from those systems as potentially exposed and rotate credentials accordingly.

The full list of affected packages and compromised version ranges is available in the Wiz Research advisory.