An attacker published malicious versions of 32 packages in the @redhat-cloud-services scope on June 1 — all within 72 seconds, according to ReversingLabs.
Scope and scale of the compromise
The incident affected 32 legitimate packages in Red Hat's official npm namespace, spanning the Hybrid Cloud Console ecosystem: UI components, API clients and build tooling. ReversingLabs reported the malicious releases were pushed on June 1 and represented roughly 9.8 million downloads in total. This was not a lookalike or typosquatting operation — the attacker seized control of a trusted namespace and republished real packages with hidden malware, turning the trust developers place in a known vendor into the delivery method.
Malware hidden in the install step
Each compromised package carried an obfuscated preinstall script that executed automatically during installation, before any application code ran. As a result, exposure depended merely on installing or building the package, not on using it in production.
Aikido Security characterized the payload as a variant of the Mini Shai-Hulud worm that it tracks under the name Miasma. ReversingLabs said the malware was built to harvest secrets, targeting cloud provider keys, CI/CD tokens, npm credentials and other sensitive material on the developer's machine. True to its lineage, the malware also attempted to spread: using stolen publishing tokens it tried to republish backdoored versions of other packages reachable by the compromised account.
GitHub Actions OIDC tokens indicate pipeline breach
Aikido Security found that the malicious releases were pushed using GitHub Actions OIDC tokens, a detail that indicates the attacker compromised the build pipeline rather than an individual developer’s personal account. The report notes that OIDC-based "trusted publishing" was introduced to improve security by replacing long-lived npm tokens with short-lived ones issued during a build. This incident demonstrates how that trust signal can be subverted when the pipeline itself is breached, leaving a mechanism intended to reduce risk instead serving as the vector for malicious publishing.
Remediation taken and the exposure window
By the time researchers analyzed the activity, legitimate maintainers had pushed clean follow-up versions for all 32 packages and the malicious releases had been removed from npm. Nonetheless, any project that pinned to the affected versions or ran an install during the window before the bad releases were pulled remains exposed.
Researchers urged organizations that installed an affected version to treat the system as potentially compromised and rotate any exposed credentials, because the payload runs at install time regardless of whether the package was otherwise used. They also advised auditing CI/CD pipelines for unexpected publishing activity.
What this means for technologists, enterprise DevOps teams, and open-source maintainers
- Technologists and security teams: If your environment installed one of the affected versions, researchers recommend treating the system as potentially compromised and rotating exposed credentials; the malware's preinstall behavior means an install or build step is sufficient for exposure.
- Enterprise DevOps teams: Because the malicious packages were published using GitHub Actions OIDC tokens, teams should audit CI/CD pipelines for unexpected publishing activity — the incident shows short-lived build tokens do not prevent abuse when a pipeline is breached.
- Open-source maintainers: Legitimate maintainers were able to push clean follow-up versions and remove the malicious releases, but projects that pinned to specific versions or performed installs in the outage window remain at risk and should verify artifacts and token use in their publishing pipelines.
The episode is a compact demonstration of how quickly a trusted supply chain can be weaponized: 32 packages, republished in 72 seconds, with malware that steals keys and tries to propagate further. The malicious releases have been removed and clean versions restored, but the core fact remains — when a build pipeline is compromised, short-lived tokens can become a carrier for malicious code. Researchers have recommended rotating credentials and auditing pipelines; whether those steps are taken broadly and promptly will determine how many of the roughly 9.8 million downstream consumers escape exposure.
https://www.infosecurity-magazine.com/news/red-hat-npm-scope-backdoored/




