Skip to main content
Emerging ThreatsSupply Chain Attacks

Red Hat npm Packages Compromised in Supply-Chain Attack

Software development workspace with laptop and papers, subtle coding environment in background.

According to Aikido, the compromised packages receive roughly 117,000 weekly downloads.

Scope of the compromise: 32 packages, 96 package versions

Security firms Aikido and OX Security found that more than 30 npm packages under Red Hat's @redhat-cloud-services namespace were backdoored. Aikido reported that 32 packages and 96 package versions were affected, and that those packages receive roughly 117,000 weekly downloads. The backdoors were distributed as new package releases, not as alterations to already-installed files.

How the attack worked: GitHub account compromise, GitHub Actions, and OIDC publishing

According to Aikido, attackers allegedly compromised a Red Hat employee's GitHub account and used it to push malicious commits directly into multiple repositories. Those commits added a GitHub Actions workflow and a script that abused npm's publishing mechanism to release backdoored packages.

Aikido explained the automated chain: "When the workflow runs, it installs Bun and executes _index.js, passing it a list of target packages via the OIDC_PACKAGES environment variable." The script used the id-token: write permission to request a short-lived OIDC token from GitHub, then authenticated "directly with npm's trusted publishing endpoint and publish backdoored versions of every package in the list."

The published packages contained a malicious preinstall hook that executed a heavily obfuscated payload when the packages were installed. The published install script looked like this: "preinstall": "node index.js". Aikido says the delivered index.js payload was approximately 4.2 MB in size and implemented extensive credential-theft functionality.

Miasma: a new variant linked to Shai-Hulud and Mini Shai-Hulud

Researchers identify the malware used in these backdoors as a new variant of Shai-Hulud that they call "Miasma." The campaign uses the string "Miasma: The Spreading Blight" as comments in compromised GitHub repositories. Over recent months, Aikido and OX Security note, multiple supply-chain attacks have used Shai-Hulud-family malware to steal credentials and move laterally across developer environments.

The TeamPCP threat group previously released source code for a framework named Mini Shai-Hulud, and the Red Hat infections share many similarities with that leaked code. OX Security says the Miasma variant retains Mini Shai-Hulud's credential-stealing functionality while adding "additional obfuscation layers, multi-stage payload delivery mechanisms, and enhanced data theft and credential-harvesting features." At the time of reporting, OX Security counted 309 GitHub repositories compromised by the Miasma campaign.

Impact and Red Hat's response

Red Hat told BleepingComputer that it removed the affected packages from the npm registry after being alerted and characterized the impacted packages as internal development tooling. In a statement Red Hat said: "Red Hat is aware of security reports regarding certain npm packages within our development tooling ecosystem. We immediately initiated an investigation and removed the packages from the npm registry."

Red Hat added: "The packages are strictly limited to internal development, and the malicious code was never published for customer consumption via the console.redhat.com system. While our investigation is ongoing, we have not identified any impact to customer or partner environments or Red Hat production systems." The company also did not answer questions about how the GitHub account was compromised, according to the reporting.

Aikido warned that the index.js payload was able to harvest a broad range of secrets: GitHub Actions secrets, AWS credentials, Google Cloud credentials, Azure service principal credentials, HashiCorp Vault tokens, Kubernetes service account tokens, npm and PyPI publishing tokens, SSH keys, Docker credentials, GPG keys, and .env files. Aikido advises that "Organizations that installed any affected versions are advised to rotate all credentials, secrets, and tokens utilized by code on the infected device immediately."

What this means for developers, cloud teams, and Red Hat customers

  • Developers: Packages containing a preinstall hook that runs node index.js can execute large, obfuscated payloads at install time; projects using affected versions should rotate credentials and review build and install-time hooks.
  • Cloud teams: The malware targeted a wide range of cloud credentials and tokens (AWS, Google Cloud, Azure, Kubernetes service accounts, HashiCorp Vault), so any environment that reused credentials or tokens on developer machines or CI runners should assume compromise and rotate secrets.
  • Red Hat customers and partners: Red Hat reports no identified impact to customer or partner environments or production systems, and says the packages were limited to internal development tooling; nevertheless, organizations that consumed any affected package versions should follow the rotation guidance from Aikido.

The incident illustrates how a single repository or account compromise can translate into broad package releases when CI workflows and token-based publishing are abused. The investigation remains ongoing, and questions remain about the initial account compromise and whether the campaign was operated by TeamPCP or a different actor using leaked Mini Shai-Hulud code.

Read the original report: BleepingComputer — Red Hat npm packages compromised to steal developer credentials