HIGH · Supply Chain
Global

Infected Red Hat npm packages expose developer credentials

Source: CSO Online


Executive Summary

Developers who pulled packages from Red Hat’s @redhat-cloud-services npm namespace over the weekend got a secret-stealing worm instead. Security researchers at several firms are warning of a new supply chain attack that compromised more than 30 Red Hat Cloud Services-related npm packages to steal credentials, authentication tokens and other secrets from developer environments. The campaign, which Wiz researchers are tracking as Miasma, is thought to be the latest evolution of Shai-Hulud, a self-propagating malware family that has repeatedly surfaced in software supply chain attacks targeting the npm ecosystem.

Analysis

Developers who pulled packages from Red Hat’s @redhat-cloud-services npm namespace over the weekend got a secret-stealing worm instead. Security researchers at several firms are warning of a new supply chain attack that compromised more than 30 Red Hat Cloud Services-related npm packages to steal credentials, authentication tokens and other secrets from developer environments. The campaign, which Wiz researchers are tracking as Miasma, is thought to be the latest evolution of Shai-Hulud, a self-propagating malware family that has repeatedly surfaced in software supply chain attacks targeting the npm ecosystem.

“Investigation revealed that at least 32 package releases contained unauthorized modifications that do not match the corresponding source repositories,” Wiz researchers said in a blog post. “These packages cumulatively average ~80,000 weekly downloads.”

The worm also appears to be expanding its ambitions. Wiz noted that Miasma includes new collectors for Google Cloud and Azure identities, extending its focus from credential theft to mapping, and potentially exploiting, the cloud access reachable from compromised developer environments. By compromising packages associated with Red Hat Cloud Services, the attackers are targeting a software ecosystem that many organizations already trust. The good news, the researchers noted, is that most of the packages feared to be infected have already been removed.

Shai-Hulud came for trusted packages

According to reports, attackers compromised npm packages published under the Red Hat Cloud Services-related namespace and inserted malware that executes automatically during package installation. The malicious payload was designed to steal a wide range of credentials and secrets from infected environments. Researchers observed attempts to collect npm authentication tokens, environment variables, cloud credentials and other sensitive information commonly stored on developer workstations and CI/CD systems.
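The install-time execution described above relies on npm running a dependency’s lifecycle scripts during `npm install`. The following is an added triage example, not code from Wiz, OX Security, Red Hat or the article: it checks a lockfile against a list of tampered releases and flags install hooks whose commands look like droppers. The IOC list, the sample lockfile and the sample manifests are constructed for the demo; real package names come from the vendor’s published IOC list.

```javascript
// Added example (not code from Wiz, OX Security, Red Hat or the article):
// triage a checkout for tampered releases. npm runs the preinstall/install/
// postinstall/prepare scripts of every dependency during `npm install`,
// which is the execution point such payloads use.

// constructed: package name -> set of release versions reported as tampered
const IOC_RELEASES = new Map([
  ['@example-scope/cloud-sdk', new Set(['1.9.0', '1.9.1'])],
  ['@example-scope/frontend-components', new Set(['4.2.1'])],
]);

// Lifecycle scripts that run automatically when a dependency is installed.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Heuristics for a payload hidden in an install hook: inline decoding, eval,
// spawning node on an inline script, or pulling a second stage from the network.
const SUSPICIOUS = [/base64/i, /\beval\(/, /\bnode\s+-e\b/, /\bnew Function\(/, /\bcurl\b|\bwget\b/];

// Walk a lockfileVersion 2/3 package-lock.json ("packages" keyed by install
// path) and return the installed (name, version) pairs that match an IOC entry.
function findIocHits(lock, iocs = IOC_RELEASES) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // root project entry
    // nested installs look like node_modules/a/node_modules/@scope/b; the
    // package name is whatever follows the last "node_modules/"
    const name = entry.name || path.slice(path.lastIndexOf('node_modules/') + 'node_modules/'.length);
    const bad = iocs.get(name);
    if (bad && bad.has(entry.version)) hits.push({ name, version: entry.version, path });
  }
  return hits;
}

// Given package.json manifests (as read from node_modules/**/package.json),
// report every install-time hook and whether its command looks like a dropper.
function findInstallHooks(manifests) {
  const findings = [];
  for (const m of manifests) {
    for (const hook of INSTALL_HOOKS) {
      const cmd = m.scripts && m.scripts[hook];
      if (!cmd) continue;
      findings.push({ name: m.name, version: m.version, hook, cmd, suspicious: SUSPICIOUS.some((re) => re.test(cmd)) });
    }
  }
  return findings;
}

// Constructed sample inputs.
const SAMPLE_LOCK = {
  name: 'demo-app', lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/@example-scope/cloud-sdk': { version: '1.9.1' },
    'node_modules/@example-scope/frontend-components': { version: '4.2.0' }, // not a tampered release
    'node_modules/left-pad': { version: '1.3.0' },
  },
};
const SAMPLE_MANIFESTS = [
  { name: '@example-scope/cloud-sdk', version: '1.9.1',
    scripts: { postinstall: 'node -e "eval(Buffer.from(process.env.PAYLOAD, \'base64\').toString())"' } },
  { name: 'native-addon', version: '2.0.0', scripts: { install: 'node-gyp rebuild' } }, // legitimate hook
  { name: 'left-pad', version: '1.3.0', scripts: { test: 'node test.js' } },
];

console.log('IOC hits:', findIocHits(SAMPLE_LOCK));
console.log('install hooks:', findInstallHooks(SAMPLE_MANIFESTS));
```

While triaging, install with `npm install --ignore-scripts` so no hook runs before the lockfile and manifests have been reviewed; a hook that merely builds a native addon is normal, one that decodes and evaluates data at install time is not.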
Wiz’s analysis found that the malware belongs to the Mini Shai-Hulud family, a credential-stealing threat that has repeatedly appeared in npm ecosystem attacks throughout the year. “The payload appears to be derived from the (Mini) Shai-Hulud malware open-sourced by TeamPCP,” the researchers said. “The observed modifications are largely cosmetic, with references to the Dune universe replaced by Greek mythology themes (i.e., ‘spartan’), while the underlying functionality and tradecraft remain substantially similar.” The variant was seen creating repositories carrying the description “Miasma: The Spreading Blight.”

Supply chain is the focus, again

While credential theft was the immediate objective, researchers say the campaign’s broader goal appears to have been persistence and expansion within software distribution ecosystems. According to Wiz, the malware actively searched for credentials associated with package publishing workflows. OX Security similarly noted that the code targeted secrets that would let attackers move beyond the initially compromised packages to additional developer accounts and repositories.

Wiz also found that the attackers modified package publishing workflows to make the malicious releases appear legitimate. A GitHub Actions workflow requested GitHub OpenID Connect (OIDC) identity tokens and executed an obfuscated payload that published packages with valid SLSA provenance attestations, so the compromised releases carried trusted supply-chain metadata. Provenance of this kind attests that a given tarball was built by a particular workflow from a particular repository; it says nothing about whether that workflow was itself tampered with. The technique draws on the earlier attack against TanStack by TeamPCP, the threat actor that open-sourced the Mini Shai-Hulud malware. Parallels with the actor’s code were also observed in the recent Megalodon campaign, indicating active spillover from the months-old supply chain rampage.
For affected organizations, the immediate priority is determining whether the malicious packages were installed and whether any credentials may have been exposed. The researchers recommend rotating potentially compromised secrets, revoking and reissuing npm publishing tokens, and reviewing repository and package publishing activity. Wiz said “most” malicious versions had been revoked by the time the disclosure was published, and shared a list of indicators of compromise (IOCs) along with the names of infected packages.
Source Attribution

Originally published by CSO Online on Jun 2, 2026.
