Tags: supply chain attack, npm, Red Hat, credential theft, Shai-Hulud

Red Hat npm Packages Backdoored in Supply Chain Attack Stealing Cloud Credentials

Over 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were backdoored in a supply-chain attack, after attackers compromised a Red Hat employee's GitHub account and used it to publish malicious package versions containing credential-stealing malware. The malware, dubbed "Miasma," is a variant of the Shai-Hulud framework and was designed to steal a wide range of sensitive data including cloud credentials, SSH keys, CI/CD tokens, and environment files from developers who installed the affected packages. Red Hat removed the compromised packages and stated that they were limited to internal development tooling with no confirmed impact on customer environments, though the investigation remains ongoing.

More than 30 npm packages sitting under Red Hat's '@redhat-cloud-services' namespace were quietly backdoored last week, with attackers distributing a credential-stealing malware variant called Miasma. The packages collectively pull around 117,000 weekly downloads, which is a fairly large blast radius for a supply chain compromise.

The attack was uncovered by researchers at Aikido and OX Security, who found dozens of backdoored package versions designed to hoover up developer credentials, AWS and Google Cloud secrets, Azure service principal tokens, SSH keys, HashiCorp Vault tokens, Kubernetes service account tokens, npm and PyPI publishing tokens, Docker credentials, GPG keys, CI/CD pipeline secrets, and `.env` files. Basically anything useful sitting on a developer's machine.

Red Hat confirmed it removed the affected packages once notified and insists the compromise was confined to internal development tooling. The company says the malicious code never made it into customer-facing systems via console.redhat.com, and that no customer or partner environments were affected. Whether you take that at face value probably depends on how much you trust incident-response PR statements issued while an investigation is still ongoing. Red Hat hasn't publicly explained how the initial account was compromised.

According to Aikido, the attackers got hold of a Red Hat employee's GitHub account and used it to push malicious commits to multiple repositories. Those commits introduced a GitHub Actions workflow that exploited npm's trusted publishing mechanism. The workflow requested a short-lived OIDC token from GitHub using `id-token: write` permissions, then authenticated directly with npm's publishing endpoint to push backdoored package versions. Clean and relatively clever, as these things go.

The backdoored packages contained a preinstall script that ran automatically when developers installed them, silently executing a heavily obfuscated `index.js` payload weighing in at around 4.2 MB. Aikido counted 32 packages and 96 package versions caught up in the compromise.
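Two of the signals described above are easy to check for on your own side: a GitHub Actions workflow that both requests an OIDC `id-token: write` permission and runs `npm publish` (which is exactly what a trusted-publishing workflow looks like, so the question is whether you expected it to exist), and an installed package whose `package.json` declares an install-time lifecycle script. The following script is an added example written for this article, not code from Aikido, OX Security or Red Hat; the function names, the sample `node_modules` tree and the two workflow strings are constructed for illustration and use only the Python standard library.

```python
"""Audit helpers for two supply-chain signals: workflows that can publish to npm
via OIDC, and installed packages with install-time hooks. Hypothetical helper
names; sample data is constructed inline (no real packages or workflows)."""
import json
import os
import re
import tempfile

# Lifecycle hooks npm runs automatically when a registry dependency is installed.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")


def audit_lifecycle_scripts(node_modules_dir):
    """Walk a node_modules tree and return every package that declares an
    install-time hook, as sorted (name, version, hook, command) tuples.
    A hit is not proof of compromise; it is the list to review by hand."""
    findings = []
    for root, _dirs, files in os.walk(node_modules_dir):
        if "package.json" not in files:
            continue
        path = os.path.join(root, "package.json")
        try:
            with open(path, encoding="utf-8") as fh:
                meta = json.load(fh)
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip, do not crash the audit
        scripts = meta.get("scripts") or {}
        for hook in INSTALL_HOOKS:
            if hook in scripts:
                findings.append(
                    (meta.get("name", "?"), meta.get("version", "?"), hook, scripts[hook])
                )
    return sorted(findings)


def is_oidc_publish_workflow(workflow_text):
    """Coarse heuristic: True when a workflow both asks for an OIDC id-token
    and runs `npm publish`. Compare hits against the workflows you expect."""
    wants_id_token = re.search(r"^\s*id-token:\s*write\s*$", workflow_text, re.M) is not None
    publishes = re.search(r"\bnpm\s+publish\b", workflow_text) is not None
    return wants_id_token and publishes


def build_sample_tree():
    """Construct a throwaway node_modules tree (constructed sample, not real packages)."""
    base = tempfile.mkdtemp(prefix="nm-audit-")
    packages = {
        "@example/clean-lib": {"version": "1.0.0", "scripts": {"test": "jest"}},
        "@example/suspicious": {"version": "2.3.1", "scripts": {"preinstall": "node index.js"}},
    }
    for name, meta in packages.items():
        pkg_dir = os.path.join(base, "node_modules", *name.split("/"))
        os.makedirs(pkg_dir)
        with open(os.path.join(pkg_dir, "package.json"), "w", encoding="utf-8") as fh:
            json.dump({"name": name, **meta}, fh)
    return os.path.join(base, "node_modules")


# Constructed workflow samples: one can publish via OIDC, one only runs tests.
OIDC_PUBLISH_WORKFLOW = """\
name: publish
on: push
permissions:
  id-token: write
  contents: read
jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - run: npm publish --provenance
"""

CI_ONLY_WORKFLOW = """\
name: ci
on: pull_request
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - run: npm test
"""

if __name__ == "__main__":
    for name, version, hook, cmd in audit_lifecycle_scripts(build_sample_tree()):
        print(f"{name}@{version}: {hook} -> {cmd}")
    for label, text in (("publish.yml", OIDC_PUBLISH_WORKFLOW), ("ci.yml", CI_ONLY_WORKFLOW)):
        print(f"{label}: OIDC publish capable = {is_oidc_publish_workflow(text)}")
```

Run it against a real checkout by pointing `audit_lifecycle_scripts` at your project's `node_modules` and `is_oidc_publish_workflow` at each file under `.github/workflows/`. The workflow check is deliberately coarse: it cannot tell a legitimate trusted-publishing workflow from one pushed with a stolen account, so its output is a review list, and any workflow on it that nobody on the team added is the thing to investigate. Installing with `npm install --ignore-scripts` stops preinstall hooks such as the one described above from running at all, at the cost of breaking packages that genuinely need them.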

Anyone who installed affected versions should rotate every credential, token, and secret accessible from the affected machine. Immediately, not eventually.

The malware itself appears to be a new variant of Shai-Hulud, a credential-stealing framework that has been making the rounds in supply chain attacks over the past few months. Bitwarden, SAP, Mistral, TanStack, OpenAI, and GitHub have all been hit by campaigns using variants of this malware. In May, the TeamPCP threat group published the source code for their Mini Shai-Hulud framework, which predictably opened the door to copycat campaigns.

The Miasma variant shares a lot of DNA with Mini Shai-Hulud but adds extra obfuscation layers, multi-stage payload delivery, and expanded credential harvesting. It also leaves a fairly brazen calling card in compromised repositories in the form of a comment string reading "Miasma: The Spreading Blight." Subtle it is not.

Whether this is TeamPCP operating under a new banner or a separate actor who grabbed the leaked source code and made modifications isn't yet clear. What is clear is that 309 GitHub repositories have been compromised by the Miasma campaign so far, and that number is still climbing.