CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 01, 2026

Multiple Red Hat Cloud Services npm Packages Compromised to Deploy Credential-Stealing Malware

Cybersecurity News Archived Jun 01, 2026 ✓ Full text saved

A significant supply chain attack on June 1, 2026, targeting over 30 official packages under the @redhat-cloud-services npm scope. The campaign, dubbed “Miasma: The Spreading Blight,” is a new variant of the Mini Shai-Hulud malware family a sophisticated credential-stealing worm previously linked to threat actor group TeamPCP. This is not a typosquatting campaign. The attackers […] The post Multiple Red Hat Cloud Services npm Packages Compromised to Deploy Credential-Stealing Malware appeared fi

Full text archived locally
✦ AI Summary · Claude Sonnet


    HomeCyber Attack News Multiple Red Hat Cloud Services npm Packages Compromised to Deploy Credential-Stealing Malware By Guru Baran June 1, 2026 A significant supply chain attack on June 1, 2026, targeting over 30 official packages under the @redhat-cloud-services npm scope. The campaign, dubbed “Miasma: The Spreading Blight,” is a new variant of the Mini Shai-Hulud malware family a sophisticated credential-stealing worm previously linked to threat actor group TeamPCP. This is not a typosquatting campaign. The attackers hijacked a legitimate, trusted npm namespace and published backdoored versions of widely-used frontend components, API clients, and developer tooling. According to Aikido and JFrog detections, the malicious packages were published via GitHub Actions OIDC tokens, indicating the CI/CD pipeline itself was compromised, not individual developer accounts. Each poisoned package embeds a preinstall lifecycle hook in its package.json: json"scripts": { "preinstall": "node index.js" } This executes a 4.2 MB obfuscated payload automatically during every npm install, before any application code runs. The loader uses a multi-stage decryption chain — numeric character arrays, a ROT-style transform, and AES-128-GCM blobs — to evade static detection, before dropping a transient Bun-based payload to /tmp/p*.js for execution. Once active, the malware performs a sweeping credential collection targeting: GitHub tokens — classic, fine-grained, and GitHub Actions OIDC tokens Cloud credentials — AWS access keys, GCP service account files, Azure service principal and managed identity tokens Infrastructure secrets — Kubernetes service account tokens and kubeconfig files, HashiCorp Vault tokens Developer tooling — npm and PyPI publish tokens, SSH private keys, Docker registry credentials, GPG keys, .env files across the filesystem In cloud environments, the malware goes beyond static files. It actively queries AWS Secrets Manager, SSM Parameter Store, Azure Key Vault, and GCP Secret Manager when permissions allow. GitHub Actions runners are a prime target: the payload reads secrets directly from runtime process memory, bypassing workflow log masking entirely. A notable evasion technique in this wave involves disguising exfiltration traffic to api.anthropic.com/v1/api — a legitimate-looking domain that blends into network logs at organizations using Anthropic services. The /v1/api path is not a valid Anthropic route, suggesting attackers chose it purely for camouflage. Defenders should hunt for node or Bun processes contacting this host from CI runners or developer machines. The malware also uses a GitHub dead-drop model, creating public repositories under victim accounts with the description Miasma: The Spreading Blight and committing stolen credentials as JSON result files. The malware installs persistent monitoring services — kitty-monitor.service on Linux and com.user.kitty-monitor.plist on macOS — that poll for remote instructions. It also injects hooks into AI developer tools including Claude, Codex, Gemini, Copilot, Kiro, and opencode, and adds VS Code folder-open tasks that re-execute the payload. Most critically, a destructive token monitor (gh-token-monitor) watches stolen GitHub tokens. If a token is revoked before persistence is removed, it can execute destructive commands such as wiping the user’s home directory. Incident responders must isolate machines and remove persistence before revoking any tokens. Indicators of Compromise Any project that installed the following package versions on or after June 1, 2026 should be treated as compromised: Here is the complete IOC table for all 31 compromised @redhat-cloud-services npm packages: # Package Name Malicious Version 1 @redhat-cloud-services/chrome 2.3.1 2 @redhat-cloud-services/compliance-client 4.0.3 3 @redhat-cloud-services/config-manager-client 5.0.4 4 @redhat-cloud-services/entitlements-client 4.0.11 5 @redhat-cloud-services/eslint-config-redhat-cloud-services 3.2.1 6 @redhat-cloud-services/frontend-components 7.7.2 7 @redhat-cloud-services/frontend-components-advisor-components 3.8.2 8 @redhat-cloud-services/frontend-components-config 6.11.3 9 @redhat-cloud-services/frontend-components-config-utilities 4.11.2 10 @redhat-cloud-services/frontend-components-notifications 6.9.2 11 @redhat-cloud-services/frontend-components-remediations 4.9.2 12 @redhat-cloud-services/frontend-components-testing 1.2.1 13 @redhat-cloud-services/frontend-components-translations 4.4.1 14 @redhat-cloud-services/frontend-components-utilities 7.4.1 15 @redhat-cloud-services/hcc-feo-mcp 0.3.1 16 @redhat-cloud-services/hcc-kessel-mcp 0.3.1 17 @redhat-cloud-services/hcc-pf-mcp 0.6.1 18 @redhat-cloud-services/host-inventory-client 5.0.3 19 @redhat-cloud-services/insights-client 4.0.4 20 @redhat-cloud-services/integrations-client 6.0.4 21 @redhat-cloud-services/javascript-clients-shared 2.0.8 22 @redhat-cloud-services/notifications-client 6.1.4 23 @redhat-cloud-services/patch-client 4.0.4 24 @redhat-cloud-services/quickstarts-client 4.0.11 25 @redhat-cloud-services/rbac-client 9.0.3 26 @redhat-cloud-services/remediations-client 4.0.4 27 @redhat-cloud-services/rule-components 4.7.2 28 @redhat-cloud-services/sources-client 3.0.10 29 @redhat-cloud-services/tsc-transform-imports 1.2.2 30 @redhat-cloud-services/types 3.6.1 31 @redhat-cloud-services/vulnerabilities-client 2.1.8 If any of these package versions were installed in your environment on or after June 1, 2026, immediately treat all GitHub tokens, npm tokens, cloud credentials (AWS, GCP, Azure), Kubernetes service account tokens, SSH keys, and CI/CD secrets as compromised. Isolate affected machines before revoking any tokens to avoid triggering the Miasma dead-man switch. Mitigation Steps Run npm uninstall on all affected packages and regenerate lockfiles from trusted metadata Use npm ci --ignore-scripts in CI pipelines as a temporary safeguard Remove kitty-monitor and gh-token-monitor persistence files from all affected machines before revoking tokens Inspect .claude/settings.json, .vscode/tasks.json, and ~/.config/index.js for injected hooks Audit npm and GitHub accounts for unexpected patch-version publishes or newly created repositories matching the Miasma: The Spreading Blight description Rotate all exposed credentials — GitHub tokens, npm tokens, cloud keys, SSH keys, Vault tokens, and Kubernetes service account tokens — only after persistence is confirmed removed Rebuild affected CI runners and developer workstations from clean images Free Webinar on OWASP API Top 10 and Guide to Close Visibility Gaps With WAAP Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Guru Baranhttps://cybersecuritynews.com Gurubaran KS is a cybersecurity analyst, and Journalist with a strong focus on emerging threats and digital defense strategies. He is the Co-Founder and Editor-in-Chief of Cyber Security News, where he leads editorial coverage on global cybersecurity developments. Trending News Microsoft Tightens Entra ID Password Resets With New Authentication Change Malicious RVTools Installer Abuses Sectigo Certificate to Bypass SmartScreen Warnings Seedworm APT Abuses Signed Fortemedia and SentinelOne Binaries for DLL Sideloading Apache CXF LDAP Injection Vulnerability Let Attacker Retrieve Arbitrary Certificates AI-Generated npm Malware Accidentally Exposes Threat Actor’s Private GitHub Token Latest News Cyber Security News Iranian Hackers Abuse AppDomainManager Hijacking to Evade EDR Detection Cyber Security News SideCopy Hackers Deploy Persistent XenoRAT Malware to Target Afghanistan Finance Ministry Cyber Security News Critical Plesk Vulnerability Let Users Execute Arbitrary Commands on the Server Cyber Security News Iran-Linked Hackers Destroy IT, Backups, and Recovery Systems in Cyberattack targeting Middle East Cyber Security News New DriveSurge Threat Actor Uses ClickFix and Fake Updates to Infect Website Visitors
    💬 Team Notes
    Article Info
    Source
    Cybersecurity News
    Category
    ◇ Industry News & Leadership
    Published
    Jun 01, 2026
    Archived
    Jun 01, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗