{"id":4209,"date":"2026-06-02T17:13:50","date_gmt":"2026-06-02T17:13:50","guid":{"rendered":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/2026\/06\/02\/shai-hulud-clone-miasma-compromises-32-red-hat-npm-packages\/"},"modified":"2026-06-02T17:13:50","modified_gmt":"2026-06-02T17:13:50","slug":"shai-hulud-clone-miasma-compromises-32-red-hat-npm-packages","status":"publish","type":"post","link":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/2026\/06\/02\/shai-hulud-clone-miasma-compromises-32-red-hat-npm-packages\/","title":{"rendered":"Shai-Hulud Clone \u2018Miasma\u2019 Compromises 32 Red Hat npm Packages"},"content":{"rendered":"<p>The threat group behind the <a href=\"https:\/\/devops.com\/packagegate-vulnerabilities-can-let-attackers-bypass-shai-hulud-defenses\/\" target=\"_blank\" rel=\"noopener\">notorious Mini Shai-Hulud worm<\/a> last month put the complete source code for the malware into a GitHub repository, essentially open sourcing the threat so that other bad actors can create their own variants.<\/p>\n<p>GitHub reportedly took down the repository shortly after it appeared, but the damage was already done, with multiple forks created, according to Datadog security researchers. 
The modular framework that the threat group, TeamPCP, put into the repository included tools for credential harvesting, supply chain poisoning, and encrypted data exfiltration aimed at developer workstations and CI\/CD pipelines, increasingly popular targets for attackers.<\/p>\n<p>The released source code also indicated evolving capabilities for persistence through hooks into AI agent tooling and for abusing Sigstore provenance.<\/p>\n<p>\u201cThe open-sourcing of a production offensive framework is not unprecedented, but it\u2019s unusual for an active campaign,\u201d the researchers <a href=\"https:\/\/securitylabs.datadoghq.com\/articles\/shai-hulud-open-source-framework-static-analysis\/\" target=\"_blank\" rel=\"noopener\">wrote in a report<\/a>. \u201cIt lowers the barrier for other actors to adopt TeamPCP\u2019s playbook, including the more sophisticated techniques like OIDC token abuse, provenance forgery, and AI tool persistence hooks.\u201d<\/p>\n<h3>New Variants Arise<\/h3>\n<p>Such threats based on the Shai-Hulud code <a href=\"https:\/\/www.ox.security\/blog\/new-actors-deploy-shai-hulud-clones-teampcp-copycats-are-here\/\" target=\"_blank\" rel=\"noopener\">quickly emerged<\/a> in the wild. Most recently, analysts with Aikido, Google-owned Wiz, and Orca Security this week reported that unknown hackers compromised almost three dozen Red Hat cloud services packages in the npm repository with malware, dubbed \u201cMiasma,\u201d that likely came from TeamPCP\u2019s code dump.<\/p>\n<p>\u201cThe payload appears to be derived from the (Mini) Shai-Hulud malware open-sourced by TeamPCP,\u201d Wiz researchers Merav Bar and Rami McCarthy <a href=\"https:\/\/www.wiz.io\/blog\/miasma-supply-chain-attack-targeting-redhat-npm-packages\" target=\"_blank\" rel=\"noopener\">wrote in a report<\/a>. 
\u201cThe observed modifications are largely cosmetic, with references to the Dune universe [where the name \u2018Shai-Hulud\u2019 came from] replaced by Greek mythology themes (i.e., \u2018spartan\u2019), while the underlying functionality and tradecraft remain substantially similar.\u201d<\/p>\n<p>Aikido researcher Ilyas Makari <a href=\"https:\/\/www.aikido.dev\/blog\/red-hat-npm-packages-compromised-credential-stealing-worm\" target=\"_blank\" rel=\"noopener\">wrote<\/a> that \u201csince the tooling was made publicly available, other threat actors now have access to the same techniques and can replicate or adapt them. The [32 Red Hat] packages were published via GitHub Actions OIDC, indicating the CI\/CD pipeline was compromised rather than an npm token.\u201d<\/p>\n<p>Makari added that Aikido detected that 96 versions across 32 packages were compromised, and that these were cumulatively downloaded 116,991 times a week.<\/p>\n<h3>Compromised Employee GitHub Account<\/h3>\n<p>It appears that the attackers compromised the GitHub account of a specific Red Hat employee and used it to inject the Miasma malware into the packages, according to the researchers from Wiz and Aikido. The compromised account bypassed code review and pushed malicious orphan commits to two RedHatInsights repositories in two rounds of activity.<\/p>\n<p>\u201cWhen the workflow runs, it installs Bun and executes _index.js, passing it a list of target packages via the OIDC_PACKAGES environment variable,\u201d Aikido\u2019s Makari wrote. 
\u201cThe script uses the id-token: write permission to request a short-lived OIDC token from GitHub, then uses that token to authenticate directly with npm\u2019s trusted publishing endpoint and publish backdoored versions of every package in the list.\u201d<\/p>\n<p>He wrote that this is the same \u201cfundamental pattern\u201d that was detected in Shai-Hulud compromises of <a href=\"https:\/\/securityboulevard.com\/2026\/05\/the-tanstack-npm-supply-chain-attack-that-hit-170-packages-and-punishes-you-for-revoking-your-token\/\" target=\"_blank\" rel=\"noopener\">TanStack<\/a> and <a href=\"https:\/\/securityboulevard.com\/2026\/04\/bitwarden-cli-compromise-linked-to-ongoing-checkmarx-supply-chain-campaign\/\" target=\"_blank\" rel=\"noopener\">Bitwarden<\/a> repositories. In both, the CI\/CD pipeline becomes the attack surface, and OIDC-based trusted publishing \u2013 adopted to eliminate long-lived tokens \u2013 becomes the misleading trust signal. CI\/CD pipelines are <a href=\"https:\/\/devops.com\/critical-microsoft-github-flaw-highlights-dangers-to-ci-cd-pipelines-tenable\/\" target=\"_blank\" rel=\"noopener\">becoming popular targets<\/a> for bad actors.<\/p>\n<h3>Eyes on the Cloud<\/h3>\n<p>Bar and McCarthy wrote that with Miasma, the focus appears to be on cloud identities. The attackers added collectors for Google Cloud Platform (GCP) and Microsoft Azure to gather all the identities the compromised systems had access to. Previous versions of the malware were designed to extract secrets, while this new one shows the attackers are interested in gaining access to the cloud itself.<\/p>\n<p>\u201cIn addition, the malware now generates a uniquely encrypted payload for each infection, making hash-based IOCs [indicators of compromise] useful only for a specific package version,\u201d they wrote. 
\u201cUnlike previous variants that simply copied themselves, this approach makes detection and version tracking significantly more difficult.\u201d<\/p>\n<h3>A Wide Range of Targets<\/h3>\n<p>Orca Security researchers wrote that each package version has a <a href=\"https:\/\/orca.security\/resources\/blog\/red-hat-npm-supply-chain-attack\/\" target=\"_blank\" rel=\"noopener\">broad range of targets<\/a>, including GitHub Actions tokens, Amazon Web Services (AWS) access keys and session tokens, GCP app default credentials and service account keys, Azure service principal credentials and managed identity tokens, HashiCorp Vault tokens, Kubernetes service accounts and kubeconfig files.<\/p>\n<p>They also look for npm and PyPI publish tokens, SSH private keys, Docker registry credentials, GPG keys, and all .env files.<\/p>\n<p>\u201cThe malware generates uniquely encrypted payloads per infection, making hash-based IOC detection difficult,\u201d they wrote. \u201cThe worm\u2019s self-propagating nature means that stolen tokens can be used to compromise additional packages and repositories, creating a cascading supply-chain effect.\u201d<\/p>\n<h3>Organizations Need to Take Action<\/h3>\n<p>They added that the packages averaged about 80,000 downloads a week, and that Red Hat confirmed that none of its products or enterprise software were built or shipped with the compromised versions. Version pinning by Red Hat engineers prevented the contamination of products.<\/p>\n<p>\u201cThe primary risk is to downstream open-source consumers and organizations using these packages directly in their frontend applications, CI\/CD pipelines, and build systems,\u201d they said.<\/p>\n<p>Orca recommended that organizations that installed any compromised versions should audit their dependencies and treat all CI secrets, cloud credentials, npm tokens, and any other secrets that could be stolen as compromised. 
They also should rotate affected credentials, remove the compromised packages, or pin to a version known to be safe.<\/p>\n<p><a href=\"https:\/\/devops.com\/shai-hulud-clone-miasma-compromises-32-red-hat-npm-packages\/\" target=\"_blank\" class=\"feedzy-rss-link-icon\">Read More<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>The threat group behind the notorious Mini Shai-Hulud worm last month put the complete source code for the malware into [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":4210,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[5],"tags":[],"class_list":["post-4209","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-devops"],"_links":{"self":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/posts\/4209","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/comments?post=4209"}],"version-history":[{"count":0,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/posts\/4209\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/media\/4210"}],"wp:attachment":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/media?parent=4209"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/categories?post=4209"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/tags?post=4209"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}