Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack

Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack Ravie LakshmananJun 26, 2026Supply Chain Attack / Developer Security Cybersecurity researchers have flagged yet another evolution of the supply chain attack linked to the Mini Shai-Hulud, Miasma, and Hades malware family that has compromised a new set of npm packages, even as it has propagated to the Go ecosystem. "The latest activity includes malicious npm releases affecting LeoPlatform and RStreams packages, GitHub Actions workflow abuse, and a related Go module compromise involving the Verana Blockchain project," Socket said. The end goal of the campaign, as before, is to harvest developer or maintainer credentials and weaponize the stolen data to spread across package registries, repositories, and trusted developer workflows. The list of affected packages is below - hexo-deployer-wrangler@1.0.4 hexo-shoka-swiper@0.1.10 leo-auth@4.0.6 leo-aws@2.0.4 leo-cache@1.0.2 leo-cdk-lib@0.0.2 leo-cli@3.0.3 leo-config@1.1.1 leo-connector-elasticsearch@2.0.6 leo-connector-mongo@3.0.8 leo-connector-mysql@3.0.3 leo-connector-oracle@2.0.1 leo-connector-redshift@3.0.6 leo-cron@2.0.2 leo-logger@1.0.8 leo-sdk@6.0.19 leo-streams@2.0.1 prism-silq@1.0.1 rstreams-metrics@2.0.2 rstreams-shard-util@1.0.1 serverless-convention@2.0.4 serverless-leo@3.0.14 solo-nav@1.0.1 github.com/verana-labs/verana-blockchain@v0.10.1-dev.20 (Go) It's suspected that an npm developer account associated with the LeoPlatform ("czirker") was breached, likely via leaked credentials, to enable the attack, allowing the threat actors to leverage an npm token belonging to the maintainer to push trojanized versions within a six-second window. The new wave leverages many of the tactics observed in prior campaigns, including npm registry poisoning, binding.gyp install-time execution, Bun-staged JavaScript malware, GitHub dead-drop infrastructure, GitHub Actions secret theft, IDE and AI coding assistant persistence, and encrypted credential exfiltration. The malicious npm packages, while lacking a lifecycle hook typically added to the package.json file, incorporates a binding.gyp file to execute arbitrary code during installation, resulting in the launch of a JavaScript loader that downloads and installs the Bun runtime if not present, and then initiate the stealer payload responsible for harvesting secrets, credentials, and tokens. The malware, besides featuring a Russian locale killswitch and checking for the presence of endpoint security software, drops a workflow named "Run Copilot" to capture CI/CD environment secrets from the runner memory. The information is then uploaded to a public GitHub repository with description "Alright Lets See If This Works." As of writing, there are 559 repositories matching the description. The token relay marker has also witnessed a change in the latest iteration. While earlier waves used strings like "IfYouInvalidateThisTokenItWillNukeTheComputerOfTheOwner," the current artifact uses "RevokeAndItGoesKaboom," a string that has been used as GitHub dead drop resolver in connection with the recent compromise of the "codfish/semantic-release-action" GitHub Action. "On June 24, 2026 at 15:39:06 UTC, an attacker force-pushed a malicious commit to codfish/semantic-release-action and redirected several version tags to point at the malicious commit," StepSecurity said. "Any workflow that ran against one of these tags after that timestamp executed the attacker's payload directly inside the GitHub Actions runner. The payload steals GitHub OIDC tokens, harvests Personal Access Tokens matching known GitHub token patterns, encrypts the collected material with AES-128-GCM, and attempts to propagate a backdoor into other repositories accessible with the stolen credentials." This indicates that all these events are linked to the same operational cluster or tooling lineage. According to Endor Labs and OX Security, the malware also polls GitHub every hour for commits matching the string "firedalazer" to retrieve and execute the Hades variant of the malware. "The Leo/RStreams package set is tied to cloud-native and serverless workloads," JFrog said. "A compromise here can expose developer workstations, CI/CD systems, AWS-backed applications, GitHub repositories, package publishing credentials, and downstream package consumers." "The notable story is not that the payload is radically new. It is that Shai-Hulud continues to move across legitimate package ecosystems while changing just enough indicators to make stale detections less effective." What's more, the poisoning of the Verana GitHub expands the scope of the campaign beyond npm. That having said, the attack employs the same Miasma execution pattern observed in malicious npm packages without relying on native Go module resolution or build logic. "Unlike the npm packages, this sample does not rely on binding.gyp," Socket explained. "The risk is source-repository execution: a developer who clones or opens the repository in a trusted IDE or AI coding assistant environment may trigger the payload through project configuration." "This reinforces the larger campaign theme: Miasma is moving across package ecosystems by targeting developer workflows, not just package-manager install hooks." Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share SHARE  Blockchain, CI/CD, Credential Theft, Developer Security, GitHub Actions, Go, Malware, NPM, Supply Chain Attack ⚡ Top Stories This Week U.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication Anthropic Releases Claude Fable 5, Its Most Powerful AI Yet, With Cyber Safeguards Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code ⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities Cybersecurity Stars Awards 2026: Winners Announced Across 95 Categories New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories Load More ▼ ⭐ Featured Resources Get the 2026 Guide to Govern and Secure Enterprise AI Agents at Scale [Watch Demo] See Which Security Gaps Attackers Could Exploit First AI Can’t Stop Every Attack. Learn How Zero Trust Can Block What’s Unknown Have You Outgrown Your MDR? 7 Warning Signs Every CISO Should Check