AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant
Source report →On July 14, 2026, researchers disclosed a supply chain compromise of the @asyncapi npm organization affecting five releases across four packages, including @asyncapi/specs, which alone draws roughly 2.7 million of the family's 2.9 million weekly downloads. What makes this campaign notable is not the entry vector, which is a now-familiar CI/CD abuse, but the payload: the malicious code executes on package import rather than at install time, and it delivers a full modular implant framework that self-identifies in source as M-RED-TEAM and brands its artifacts as Miasma. Attribution is inconclusive, with overlapping signals pointing at a prt-scan style pull request flood, the M-RED-TEAM implant lineage, and naming that echoes an earlier Miasma toolkit, though the current Node based payload diverges from the prior Bun based one.
Initial access came through a pull_request_target workflow in the asyncapi/generator repository that checked out the untrusted pull request head while retaining access to repository secrets. The actor opened a burst of pull requests and hid obfuscated JavaScript behind roughly a thousand bytes of whitespace in one of them, so that when the workflow ran it scanned the runner environment and exfiltrated the npm publish token and bot credential to a paste style dead drop. With a valid bot identity in hand, the actor pushed malicious commits to the release branch and let the trusted release workflow publish the backdoored packages to npm, which is why the publish stage surfaces in audit logs as a bot account driving releases.
The injected code was placed in modules that load during normal use, so simply importing a compromised package triggers it. Stage one spawns a detached Node process via an inline command evaluation, immediately unreferences the child, and fetches a multi megabyte obfuscated loader from a public IPFS gateway, writing it to disk under directories disguised as legitimate Node tooling. The loader decrypts the next stage using HKDF derived keys and authenticated encryption, then launches the Miasma implant, which generates a keypair, establishes persistence tailored to each operating system while masquerading as Node or NVM components, and beacons to a hardcoded raw IP command server on non standard ports roughly every thirty seconds. For resilience the implant also carries fallback channels over Nostr relays, an Ethereum smart contract, and a BitTorrent style distributed hash table.
Once resident, the implant runs credential harvesters that target browser saved passwords and cookies, SSH keys, npm and GitHub tokens, cloud provider credentials, the macOS Keychain, and cryptocurrency wallets, staging and returning results over the encrypted command channel with a plaintext fallback. The framework accepts tasking for file operations, shell execution, propagation, and self update, and it ships with a dormant destructive capability: a deadman wipe that was left disabled in this wave and is flagged by a simulation marker rather than triggering real destruction.
IOCs (20)
Scan your environment for IOCs →SHA256 FILE HASH 10
9b2e65db653ca8575c9b10eefb9a80c6006404812c2ec212bf5675e3c690233bd425e4583cc6185d41e95c45eda00550045a5d1919b9a012236a4520d009dbd7bfaeb987faa6de2b5a5eb63b1233d055215b09b0349a9394f2175fd7cdf385e434014776d3d3ff11bc4439b02fd7ac0f02a887eb3a052eeafff236e2f6db8ad1082d733db0687dcd768104972b065d4b58cb1e6043688c6c20fa3702337f36ab9e214f38537e69bf51c7fa1ddd35ae495e9cb897231ec010baf9e4f29407ee9af873941d1907a97dc6c718fdecf59fd7d91f3f8212da2f7e5314b878b88bdc0b550af477c12192a22f5c9edb9c8081c0a789b3a1a2992a7ecb157cca1c975e1024b9ee242f21a73b55f7bb3297eafb33c60840907386b542ed79fc6b723651689f1a709310824f9110c6203d861a721ebefba8b204a8657057fe57efb961c850SHA1 FILE HASH 5
22bf76fe317ea6769bd38619bd440e42d119bd6ba7e18d96efd3cdb127ef4cdcad9e3ad26c482bf29890950adcbc2478e7a080234f053214adbad44ec70e105e212ff3c1daa04bb2a62507717f296b0bc8cb3f6d5b90c46686d2bf531dc1a5786e27edc5IP ADDRESS 1
85.137.53.71URL 2
http://85.137.53.71:8080/api/v1/beaconhttp://85.137.53.71:8080/api/v1/file-resultFILE NAME 2
miasma-monitor.serviceSIMULATION_WIPE_TRIGGERED.txtDetections (10)
Enable detections →Connect your environment for suggestions and queries personalized to your security telemetry.
- Node Inline Eval Process Connecting to IPFS Gateway
- Miasma Implant Host Artifacts Written on Linux
- Miasma Implant Systemd User Service Persistence on Linux
- Miasma Implant Run Key Persistence on Windows"
- npm Lifecycle Hook Spawning Node Child From Temporary Directory
- CI Runner Exfiltrating Secrets to a Paste or Dead-Drop Service (rentry.co)
- Node Process Spawning a Detached Inline 'node -e' Child on Package Import
- Endpoint Beacon to a Hardcoded Raw-IP C2 on Non-Standard High Ports
- JavaScript Runtime Downloading an Executable Payload from a Public IPFS Gateway