← All briefs
high July 15, 2026

AsyncAPI npm Supply Chain Compromise: GitHub Actions Abuse to Miasma Implant

Source report →

On July 14, 2026, researchers disclosed a supply chain compromise of the @asyncapi npm organization affecting five releases across four packages, including @asyncapi/specs, which alone draws roughly 2.7 million of the family's 2.9 million weekly downloads. What makes this campaign notable is not the entry vector, which is a now-familiar CI/CD abuse, but the payload: the malicious code executes on package import rather than at install time, and it delivers a full modular implant framework that self-identifies in source as M-RED-TEAM and brands its artifacts as Miasma. Attribution is inconclusive, with overlapping signals pointing at a prt-scan style pull request flood, the M-RED-TEAM implant lineage, and naming that echoes an earlier Miasma toolkit, though the current Node based payload diverges from the prior Bun based one.

Initial access came through a pull_request_target workflow in the asyncapi/generator repository that checked out the untrusted pull request head while retaining access to repository secrets. The actor opened a burst of pull requests and hid obfuscated JavaScript behind roughly a thousand bytes of whitespace in one of them, so that when the workflow ran it scanned the runner environment and exfiltrated the npm publish token and bot credential to a paste style dead drop. With a valid bot identity in hand, the actor pushed malicious commits to the release branch and let the trusted release workflow publish the backdoored packages to npm, which is why the publish stage surfaces in audit logs as a bot account driving releases.

The injected code was placed in modules that load during normal use, so simply importing a compromised package triggers it. Stage one spawns a detached Node process via an inline command evaluation, immediately unreferences the child, and fetches a multi megabyte obfuscated loader from a public IPFS gateway, writing it to disk under directories disguised as legitimate Node tooling. The loader decrypts the next stage using HKDF derived keys and authenticated encryption, then launches the Miasma implant, which generates a keypair, establishes persistence tailored to each operating system while masquerading as Node or NVM components, and beacons to a hardcoded raw IP command server on non standard ports roughly every thirty seconds. For resilience the implant also carries fallback channels over Nostr relays, an Ethereum smart contract, and a BitTorrent style distributed hash table.

Once resident, the implant runs credential harvesters that target browser saved passwords and cookies, SSH keys, npm and GitHub tokens, cloud provider credentials, the macOS Keychain, and cryptocurrency wallets, staging and returning results over the encrypted command channel with a plaintext fallback. The framework accepts tasking for file operations, shell execution, propagation, and self update, and it ships with a dormant destructive capability: a deadman wipe that was left disabled in this wave and is flagged by a simulation marker rather than triggering real destruction.

SHA256 FILE HASH 10
9b2e65db653ca8575c9b10eefb9a80c6006404812c2ec212bf5675e3c690233b
d425e4583cc6185d41e95c45eda00550045a5d1919b9a012236a4520d009dbd7
bfaeb987faa6de2b5a5eb63b1233d055215b09b0349a9394f2175fd7cdf385e4
34014776d3d3ff11bc4439b02fd7ac0f02a887eb3a052eeafff236e2f6db8ad1
082d733db0687dcd768104972b065d4b58cb1e6043688c6c20fa3702337f36ab
9e214f38537e69bf51c7fa1ddd35ae495e9cb897231ec010baf9e4f29407ee9a
f873941d1907a97dc6c718fdecf59fd7d91f3f8212da2f7e5314b878b88bdc0b
550af477c12192a22f5c9edb9c8081c0a789b3a1a2992a7ecb157cca1c975e10
24b9ee242f21a73b55f7bb3297eafb33c60840907386b542ed79fc6b72365168
9f1a709310824f9110c6203d861a721ebefba8b204a8657057fe57efb961c850
SHA1 FILE HASH 5
22bf76fe317ea6769bd38619bd440e42d119bd6b
a7e18d96efd3cdb127ef4cdcad9e3ad26c482bf2
9890950adcbc2478e7a080234f053214adbad44e
c70e105e212ff3c1daa04bb2a62507717f296b0b
c8cb3f6d5b90c46686d2bf531dc1a5786e27edc5
IP ADDRESS 1
85.137.53.71
URL 2
http://85.137.53.71:8080/api/v1/beacon
http://85.137.53.71:8080/api/v1/file-result
FILE NAME 2
miasma-monitor.service
SIMULATION_WIPE_TRIGGERED.txt

Detections (10)

Enable detections →

Connect your environment for suggestions and queries personalized to your security telemetry.

  • Node Inline Eval Process Connecting to IPFS Gateway
  • Miasma Implant Host Artifacts Written on Linux
  • Miasma Implant Systemd User Service Persistence on Linux
  • Miasma Implant Run Key Persistence on Windows"
  • npm Lifecycle Hook Spawning Node Child From Temporary Directory
  • CI Runner Exfiltrating Secrets to a Paste or Dead-Drop Service (rentry.co)
  • Node Process Spawning a Detached Inline 'node -e' Child on Package Import
  • Endpoint Beacon to a Hardcoded Raw-IP C2 on Non-Standard High Ports
  • JavaScript Runtime Downloading an Executable Payload from a Public IPFS Gateway