Multiple Red Hat Cloud Services npm Packages Compromised to Deploy Credential-Stealing Malware
Cybersecurity NewsArchived Jun 01, 2026✓ Full text saved
A significant supply chain attack on June 1, 2026, targeting over 30 official packages under the @redhat-cloud-services npm scope. The campaign, dubbed “Miasma: The Spreading Blight,” is a new variant of the Mini Shai-Hulud malware family a sophisticated credential-stealing worm previously linked to threat actor group TeamPCP. This is not a typosquatting campaign. The attackers […] The post Multiple Red Hat Cloud Services npm Packages Compromised to Deploy Credential-Stealing Malware appeared fi
Full text archived locally
✦ AI Summary· Claude Sonnet
HomeCyber Attack News
Multiple Red Hat Cloud Services npm Packages Compromised to Deploy Credential-Stealing Malware
By Guru Baran
June 1, 2026
A significant supply chain attack on June 1, 2026, targeting over 30 official packages under the @redhat-cloud-services npm scope.
The campaign, dubbed “Miasma: The Spreading Blight,” is a new variant of the Mini Shai-Hulud malware family a sophisticated credential-stealing worm previously linked to threat actor group TeamPCP.
This is not a typosquatting campaign. The attackers hijacked a legitimate, trusted npm namespace and published backdoored versions of widely-used frontend components, API clients, and developer tooling.
According to Aikido and JFrog detections, the malicious packages were published via GitHub Actions OIDC tokens, indicating the CI/CD pipeline itself was compromised, not individual developer accounts.
Each poisoned package embeds a preinstall lifecycle hook in its package.json:
json"scripts": { "preinstall": "node index.js" }
This executes a 4.2 MB obfuscated payload automatically during every npm install, before any application code runs. The loader uses a multi-stage decryption chain — numeric character arrays, a ROT-style transform, and AES-128-GCM blobs — to evade static detection, before dropping a transient Bun-based payload to /tmp/p*.js for execution.
Once active, the malware performs a sweeping credential collection targeting:
GitHub tokens — classic, fine-grained, and GitHub Actions OIDC tokens
Cloud credentials — AWS access keys, GCP service account files, Azure service principal and managed identity tokens
Infrastructure secrets — Kubernetes service account tokens and kubeconfig files, HashiCorp Vault tokens
Developer tooling — npm and PyPI publish tokens, SSH private keys, Docker registry credentials, GPG keys, .env files across the filesystem
In cloud environments, the malware goes beyond static files. It actively queries AWS Secrets Manager, SSM Parameter Store, Azure Key Vault, and GCP Secret Manager when permissions allow. GitHub Actions runners are a prime target: the payload reads secrets directly from runtime process memory, bypassing workflow log masking entirely.
A notable evasion technique in this wave involves disguising exfiltration traffic to api.anthropic.com/v1/api — a legitimate-looking domain that blends into network logs at organizations using Anthropic services.
The /v1/api path is not a valid Anthropic route, suggesting attackers chose it purely for camouflage. Defenders should hunt for node or Bun processes contacting this host from CI runners or developer machines.
The malware also uses a GitHub dead-drop model, creating public repositories under victim accounts with the description Miasma: The Spreading Blight and committing stolen credentials as JSON result files.
The malware installs persistent monitoring services — kitty-monitor.service on Linux and com.user.kitty-monitor.plist on macOS — that poll for remote instructions. It also injects hooks into AI developer tools including Claude, Codex, Gemini, Copilot, Kiro, and opencode, and adds VS Code folder-open tasks that re-execute the payload.
Most critically, a destructive token monitor (gh-token-monitor) watches stolen GitHub tokens. If a token is revoked before persistence is removed, it can execute destructive commands such as wiping the user’s home directory.
Incident responders must isolate machines and remove persistence before revoking any tokens.
Indicators of Compromise
Any project that installed the following package versions on or after June 1, 2026 should be treated as compromised: Here is the complete IOC table for all 31 compromised @redhat-cloud-services npm packages:
# Package Name Malicious Version
1 @redhat-cloud-services/chrome 2.3.1
2 @redhat-cloud-services/compliance-client 4.0.3
3 @redhat-cloud-services/config-manager-client 5.0.4
4 @redhat-cloud-services/entitlements-client 4.0.11
5 @redhat-cloud-services/eslint-config-redhat-cloud-services 3.2.1
6 @redhat-cloud-services/frontend-components 7.7.2
7 @redhat-cloud-services/frontend-components-advisor-components 3.8.2
8 @redhat-cloud-services/frontend-components-config 6.11.3
9 @redhat-cloud-services/frontend-components-config-utilities 4.11.2
10 @redhat-cloud-services/frontend-components-notifications 6.9.2
11 @redhat-cloud-services/frontend-components-remediations 4.9.2
12 @redhat-cloud-services/frontend-components-testing 1.2.1
13 @redhat-cloud-services/frontend-components-translations 4.4.1
14 @redhat-cloud-services/frontend-components-utilities 7.4.1
15 @redhat-cloud-services/hcc-feo-mcp 0.3.1
16 @redhat-cloud-services/hcc-kessel-mcp 0.3.1
17 @redhat-cloud-services/hcc-pf-mcp 0.6.1
18 @redhat-cloud-services/host-inventory-client 5.0.3
19 @redhat-cloud-services/insights-client 4.0.4
20 @redhat-cloud-services/integrations-client 6.0.4
21 @redhat-cloud-services/javascript-clients-shared 2.0.8
22 @redhat-cloud-services/notifications-client 6.1.4
23 @redhat-cloud-services/patch-client 4.0.4
24 @redhat-cloud-services/quickstarts-client 4.0.11
25 @redhat-cloud-services/rbac-client 9.0.3
26 @redhat-cloud-services/remediations-client 4.0.4
27 @redhat-cloud-services/rule-components 4.7.2
28 @redhat-cloud-services/sources-client 3.0.10
29 @redhat-cloud-services/tsc-transform-imports 1.2.2
30 @redhat-cloud-services/types 3.6.1
31 @redhat-cloud-services/vulnerabilities-client 2.1.8
If any of these package versions were installed in your environment on or after June 1, 2026, immediately treat all GitHub tokens, npm tokens, cloud credentials (AWS, GCP, Azure), Kubernetes service account tokens, SSH keys, and CI/CD secrets as compromised. Isolate affected machines before revoking any tokens to avoid triggering the Miasma dead-man switch.
Mitigation Steps
Run npm uninstall on all affected packages and regenerate lockfiles from trusted metadata
Use npm ci --ignore-scripts in CI pipelines as a temporary safeguard
Remove kitty-monitor and gh-token-monitor persistence files from all affected machines before revoking tokens
Inspect .claude/settings.json, .vscode/tasks.json, and ~/.config/index.js for injected hooks
Audit npm and GitHub accounts for unexpected patch-version publishes or newly created repositories matching the Miasma: The Spreading Blight description
Rotate all exposed credentials — GitHub tokens, npm tokens, cloud keys, SSH keys, Vault tokens, and Kubernetes service account tokens — only after persistence is confirmed removed
Rebuild affected CI runners and developer workstations from clean images
Free Webinar on OWASP API Top 10 and Guide to Close Visibility Gaps With WAAP
Tags
cyber security
cyber security news
Copy URL
Linkedin
Twitter
ReddIt
Telegram
Guru Baranhttps://cybersecuritynews.com
Gurubaran KS is a cybersecurity analyst, and Journalist with a strong focus on emerging threats and digital defense strategies. He is the Co-Founder and Editor-in-Chief of Cyber Security News, where he leads editorial coverage on global cybersecurity developments.
Trending News
Microsoft Tightens Entra ID Password Resets With New Authentication Change
Malicious RVTools Installer Abuses Sectigo Certificate to Bypass SmartScreen Warnings
Seedworm APT Abuses Signed Fortemedia and SentinelOne Binaries for DLL Sideloading
Apache CXF LDAP Injection Vulnerability Let Attacker Retrieve Arbitrary Certificates
AI-Generated npm Malware Accidentally Exposes Threat Actor’s Private GitHub Token
Latest News
Cyber Security News
Iranian Hackers Abuse AppDomainManager Hijacking to Evade EDR Detection
Cyber Security News
SideCopy Hackers Deploy Persistent XenoRAT Malware to Target Afghanistan Finance Ministry
Cyber Security News
Critical Plesk Vulnerability Let Users Execute Arbitrary Commands on the Server
Cyber Security News
Iran-Linked Hackers Destroy IT, Backups, and Recovery Systems in Cyberattack targeting Middle East
Cyber Security News
New DriveSurge Threat Actor Uses ClickFix and Fake Updates to Infect Website Visitors