
Miasma Worm Source Code Leaked, Threatens Open-Source Ecosystem


“73 Microsoft repositories on GitHub” — that specific tally is one of several concrete signs of how the Miasma credential‑stealing worm has already reached into trusted open‑source supply chains.

How Miasma operates: autonomous theft and self‑propagation

Miasma is a credential‑stealing attack framework that infects a developer machine, steals the build environment and cloud credentials, and then abuses those credentials to compromise legitimate repositories and packages, publishing trojanized versions to infect downstream developers and repeat the cycle. The framework requires no traditional command‑and‑control infrastructure; according to analysis in the leak, it uses GitHub as its operational channel. That autonomous, worm‑like self‑propagation can turn a single breach into a rapid supply‑chain cascade.

Credential targets, lateral movement, and affected ecosystems

The leaked code shows Miasma harvests credentials from cloud providers, CI/CD systems, password managers, Kubernetes clusters, and secret stores. It uses those credentials to attack package ecosystems and repository infrastructure—specifically npm, PyPI, RubyGems, GitHub repositories and Actions workflows, and JFrog Artifactory instances. The toolkit also moves laterally via SSH and AWS Systems Manager (SSM), and includes routines to poison configurations of AI coding tools named in the leak: Claude, Gemini, Cursor, Copilot, Kiro, and Cline. Earlier activity tied to the malware has been linked to attacks on Red Hat npm packages and, more recently, 73 Microsoft repositories on GitHub.

The leak: deliberate release via compromised accounts

Researchers at SafeDep reported yesterday that Miasma’s source code was briefly open‑sourced on GitHub through numerous compromised developer accounts. In each account the actors published a repository titled "Miasma-Open-Source-Release," which SafeDep says indicates a deliberate publication rather than an accidental exposure. Analysts note Miasma appears to be an evolution of the earlier Shai‑Hulud worm; Shai‑Hulud’s own leak previously produced more advanced variants and increased attack rates, and SafeDep warns the Miasma leak is likely to produce a similar uptick as other actors adopt and adapt the code.

Destructive safeguards: the dead‑man switch revealed

The leaked source includes a “dead‑man switch” that is installed when the malware uses a victim’s stolen GitHub token as an exfiltration channel. That component polls the token’s validity every minute; if the token is revoked, it executes a destructive shell command—rm -rf ~/; rm -rf ~/Documents—recursively deleting files in the user’s home and Documents folders. The monitor persists as a systemd user service on Linux or a LaunchAgent on macOS and remains active for up to 72 hours, according to the leaked code.
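The persistence locations named above (systemd user services on Linux, LaunchAgents on macOS) are plain text files a defender can audit. The following is an added example written for this article, not code from the leak or from SafeDep's analysis: it parses those unit and plist files and flags entries that re-run on a one-minute cadence or whose command line deletes the home directory. The heuristics, the sample unit and plist, and the `/usr/local/bin/check-token` path are all constructed for the demonstration; the actual file contents the worm writes are not described on the page.

```python
from __future__ import annotations

import plistlib
import re
from pathlib import Path
from typing import Iterable

# Heuristics are assumptions made for this example: the article says the
# monitor persists as a systemd user service or a LaunchAgent, polls once a
# minute, and runs `rm -rf ~/; rm -rf ~/Documents` when the token is revoked.
DESTRUCTIVE_RE = re.compile(r"\brm\s+-[rRfF]{2,}\s+(?:~|\$HOME|/home/|/Users/)")
SHORT_POLL_SECONDS = 60
EXEC_KEYS = ("ExecStart", "ExecStartPre", "ExecStartPost", "ExecStop", "ExecStopPost")
INTERVAL_KEYS = ("RestartSec", "OnUnitActiveSec", "OnBootSec")
UNIT_MULT = {"ms": 0.001, "s": 1, "sec": 1, "m": 60, "min": 60, "h": 3600, "hr": 3600}


def _seconds(value: str) -> float | None:
    """Parse a systemd time span such as '60', '1min' or '500ms' into seconds."""
    m = re.fullmatch(r"\s*(\d+(?:\.\d+)?)\s*(ms|sec|s|min|m|hr|h)?\s*", value)
    if not m:
        return None
    return float(m.group(1)) * UNIT_MULT[m.group(2) or "s"]


def scan_systemd_unit(text: str) -> list[str]:
    """Return findings for the text of one systemd unit file."""
    findings: list[str] = []
    for raw in text.splitlines():
        key, sep, value = raw.partition("=")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key in EXEC_KEYS and DESTRUCTIVE_RE.search(value):
            findings.append(f"HIGH: destructive home-directory deletion in {key}: {value}")
        elif key in INTERVAL_KEYS:
            secs = _seconds(value)
            if secs is not None and secs <= SHORT_POLL_SECONDS:
                findings.append(f"INFO: short re-run interval {key}={value}")
    return findings


def scan_launch_agent(data: bytes) -> list[str]:
    """Return findings for the bytes of one LaunchAgent plist."""
    try:
        plist = plistlib.loads(data)
    except Exception as exc:  # a plist that does not parse is itself worth a look
        return [f"WARN: unparseable plist ({exc})"]
    findings: list[str] = []
    args = list(plist.get("ProgramArguments") or [])
    if isinstance(plist.get("Program"), str):
        args.insert(0, plist["Program"])
    cmdline = " ".join(str(a) for a in args)
    if DESTRUCTIVE_RE.search(cmdline):
        findings.append(f"HIGH: destructive home-directory deletion in ProgramArguments: {cmdline}")
    interval = plist.get("StartInterval")
    if isinstance(interval, (int, float)) and interval <= SHORT_POLL_SECONDS:
        findings.append(f"INFO: short StartInterval={interval}")
    return findings


def scan_persistence(paths: Iterable[Path]) -> dict[str, list[str]]:
    """Scan real files on disk; keys are paths, values are non-empty finding lists."""
    report: dict[str, list[str]] = {}
    for p in paths:
        data = p.read_bytes()
        if p.suffix == ".plist":
            found = scan_launch_agent(data)
        else:
            found = scan_systemd_unit(data.decode("utf-8", "replace"))
        if found:
            report[str(p)] = found
    return report


def default_paths() -> list[Path]:
    """Per-user persistence directories the article names (missing dirs yield nothing)."""
    home = Path.home()
    systemd_user = home / ".config" / "systemd" / "user"
    return [*systemd_user.glob("*.service"), *systemd_user.glob("*.timer"),
            *(home / "Library" / "LaunchAgents").glob("*.plist")]


# Constructed samples for an offline run; /usr/local/bin/check-token is a
# hypothetical placeholder, not a path taken from the leaked code.
SAMPLE_UNIT = """[Unit]
Description=token monitor

[Service]
ExecStart=/bin/sh -c '/usr/local/bin/check-token || { rm -rf ~/; rm -rf ~/Documents; }'
Restart=always
RestartSec=60

[Install]
WantedBy=default.target
"""

BENIGN_UNIT = """[Service]
ExecStart=/usr/bin/restic backup %h/Documents
"""

SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Label</key><string>com.example.tokenmon</string>
  <key>ProgramArguments</key>
  <array>
    <string>/bin/sh</string>
    <string>-c</string>
    <string>/usr/local/bin/check-token || { rm -rf ~/; rm -rf ~/Documents; }</string>
  </array>
  <key>StartInterval</key><integer>60</integer>
  <key>RunAtLoad</key><true/>
</dict>
</plist>
"""

if __name__ == "__main__":
    print("sample unit:", scan_systemd_unit(SAMPLE_UNIT))
    print("benign unit:", scan_systemd_unit(BENIGN_UNIT))
    print("sample agent:", scan_launch_agent(SAMPLE_PLIST))
    for path, found in scan_persistence(default_paths()).items():
        print(path, found)
```

The short-interval check is deliberately low severity on its own, since legitimate agents poll frequently too; the destructive-command match is what should page someone. Because the article says the monitor stays active for up to 72 hours, a file that has already been removed may still have a running process, so pair this file scan with a process listing.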

Build pipeline and evasion techniques

SafeDep’s analysis outlines a five‑stage build pipeline that produces unique payloads for each build. The process combines per‑file AES‑256‑GCM encryption of embedded assets, randomized string obfuscation, source transformations, JavaScript obfuscation, and a self‑extracting loader that wraps the final payload in three layers of encryption. Random keys and a randomized outer encoding layer mean each generated sample differs from prior builds, a design that deliberately complicates signature‑based detection and static analysis.

What this means for software developers, security teams, and open‑source maintainers

  • Software developers: The leak underlines practical hardening steps already advised in public reporting—pin project dependencies, introduce multi‑day delays before adopting newly released package updates, and validate new builds in isolated test environments. Those measures are explicitly recommended in the coverage of the incident.
  • Security teams: The leak elevates the value of continuous validation and detection tuning. The source material cites a statistic—security teams log 54% of successful attacks and alert on just 14%—and points to breach‑and‑attack simulation (for example, tools described in the cited Picus whitepaper) as a method to test SIEM and EDR rules so “threats stop slipping by detection.”
  • Open‑source maintainers: The publication of working Miasma code via repos named "Miasma-Open-Source-Release" demonstrates attackers’ willingness to hand potential tooling to other actors. Maintainers must be alert for signs of repository compromise and for trojanized upstream packages that can appear suddenly and mimic legitimate releases.
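Two of the developer-side measures above, exact pinning and a multi-day delay before adopting a new release, can be enforced mechanically. The following is an added example written for this article, not tooling from SafeDep or BleepingComputer: it reads a `requirements.txt`, reports any dependency that is not pinned with `==`, and reports any pinned version that was published less than a configurable number of days ago. The registry data it checks against is shaped like PyPI's JSON API `releases` map; the requirements file, the `leftpad-demo` package and all dates are constructed for the demonstration. A live lookup helper is included but the offline run does not call it.

```python
from __future__ import annotations

import json
import re
import urllib.request
from datetime import datetime, timedelta, timezone

# Requirement line: name, optional operator, optional version (markers/comments ignored).
REQ_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==|~=|>=|<=|!=|>|<)?\s*([^\s;#]+)?")


def normalize(name: str) -> str:
    """PEP 503 name normalisation so 'Left_Pad.Demo' and 'left-pad-demo' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def fetch_pypi_releases(name: str) -> dict:
    """Live lookup of PyPI's JSON API (network; not used by the offline demo below)."""
    with urllib.request.urlopen(f"https://pypi.org/pypi/{name}/json", timeout=10) as resp:
        return json.load(resp)["releases"]


def _published_at(files: list[dict]) -> datetime | None:
    """Earliest upload time among a release's files, as an aware UTC datetime."""
    times = [datetime.fromisoformat(f["upload_time_iso_8601"].replace("Z", "+00:00"))
             for f in files if "upload_time_iso_8601" in f]
    return min(times) if times else None


def check_requirements(text: str, registry: dict, now: datetime,
                       min_age_days: int = 7) -> list[tuple[str, str, str]]:
    """Return (package, issue-code, detail) for every requirement that fails a check."""
    registry = {normalize(k): v for k, v in registry.items()}
    findings: list[tuple[str, str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # blank, comment, or pip option such as -r
            continue
        m = REQ_RE.match(line)
        if not m:
            findings.append((line, "unparsed", "could not parse requirement line"))
            continue
        name, op, version = normalize(m.group(1)), m.group(2), m.group(3)
        if op != "==" or not version:
            findings.append((name, "unpinned", f"no exact == pin: {line}"))
            continue
        files = registry.get(name, {}).get(version)
        if not files:
            findings.append((name, "unknown-version", f"{version} not present in registry data"))
            continue
        published = _published_at(files)
        if published is None:
            findings.append((name, "unknown-version", f"{version} has no upload timestamp"))
            continue
        age = now - published
        if age < timedelta(days=min_age_days):
            findings.append((name, "too-new",
                             f"{version} published {age.days} day(s) ago; cooldown is {min_age_days} days"))
    return findings


# Constructed inputs for the offline run (package names, versions and dates are invented
# for the demonstration, not taken from any real lockfile).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
REQUIREMENTS = """\
# constructed requirements file
requests==2.32.3
urllib3>=2.0
leftpad-demo==1.4.0
"""
REGISTRY = {
    "requests": {"2.32.3": [{"upload_time_iso_8601": "2024-05-29T15:04:00Z"}]},
    "urllib3": {"2.2.1": [{"upload_time_iso_8601": "2024-02-18T10:00:00Z"}]},
    "leftpad-demo": {"1.4.0": [{"upload_time_iso_8601": "2024-05-01T08:30:00Z"}]},
}

if __name__ == "__main__":
    for pkg, code, detail in check_requirements(REQUIREMENTS, REGISTRY, now=NOW):
        print(f"{code:16} {pkg}: {detail}")
```

Run in CI, a non-empty result fails the build, which is how the "multi-day delay" advice becomes a gate rather than a habit. The cooldown uses the earliest upload time for the version, so a release whose wheels trickle in over several hours is judged by when it first appeared.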

The leak of Miasma’s code joins a pattern: earlier publication of Shai‑Hulud produced more capable variants and higher attack rates, and the same dynamic is expected here. The specifics in the leaked code—the GitHub‑based operational channel, the dead‑man switch that punishes token revocation, and a build pipeline designed to defeat signatures—mean defenders must assume the toolkit will be reused and adapted. For defensive teams that still rely heavily on static signatures or rapid, single‑day dependency updates, the message in the code is stark: tactics that work against commodity malware will not suffice against an actively evolving supply‑chain worm.

Original story on BleepingComputer