Red Hat npm Packages Compromised in Supply-Chain Attack Distributing Miasma Malware

On June 1, 2026, security researchers uncovered a significant supply-chain attack targeting npm packages published under Red Hat's official '@redhat-cloud-services' namespace. The breach compromised 32 packages—spanning 96 versions—and distributed a new variant of the Shai-Hulud credential-stealing malware, now identified as "Miasma." The attack exploited compromised developer credentials to insert malicious backdoors into legitimate Red Hat tooling packages, which then stole sensitive authentication tokens and credentials from developer workstations and CI/CD environments. The stolen data included GitHub Actions secrets, cloud provider credentials (AWS, Google Cloud, Azure), HashiCorp Vault tokens, Kubernetes service account tokens, npm and PyPI publishing credentials, SSH keys, Docker credentials, GPG keys, and .env files. The affected packages collectively received approximately 117,000 weekly downloads before removal, indicating widespread exposure across both internal Red Hat development workflows and external projects depending on these packages. Red Hat swiftly removed the compromised packages from the npm registry upon discovery and confirmed that their investigation is ongoing. The company stated that initial analysis suggests the impact was limited to internal development tooling, with no evidence of compromise affecting customer environments, partner systems, or production deployments. However, developers who installed any of the affected packages between their initial publication and removal should assume their local credentials have been exfiltrated and take immediate remediation steps. This incident marks a textbook example of how supply-chain attacks have evolved from compromising build infrastructure to directly targeting developer identities and the rich trove of credentials that modern development workflows generate.

Related Articles

• Shai-Hulud Malware Campaign: Credential Theft Evolution - tracing the origins and evolution of this long-running credential-stealing operation
• npm Supply Chain Attacks: A Rising Threat - comprehensive analysis of npm-based supply chain attacks
• GitHub Actions Security Best Practices - how to secure your CI/CD pipelines against credential theft
• Miasma Malware Analysis: A New Phase in Credential Theft - deep technical analysis of the Miasma payload
• Supply Chain Security Guide - prevention strategies for supply chain attacks

Technical Analysis: How the Miasma Malware Works

The technical sophistication of the Miasma malware lies not in its complexity, but in its careful integration into trusted code. Each compromised package contained a malicious index.js payload that weighed approximately 4.2 megabytes—a size that suggests the malware packer embedded multiple credential extraction routines and potentially encoded obfuscated code within legitimate library stubs.

The malicious payload executed automatically through the npm preinstall script mechanism, a feature that allows arbitrary code to run before package installation completes. This approach bypassed many developer safety expectations, as users typically do not inspect preinstall scripts before they execute.

Once executed, the malware began scanning the local file system for credential files and environment configurations. It specifically targeted:

• Cloud Provider Credentials: AWS access keys (typically stored in ~/.aws/credentials), Google Cloud service account JSON files, and Azure CLI authentication tokens
• Container and Orchestration Secrets: Docker configuration files (~/.docker/config.json) containing registry credentials, Kubernetes service account tokens from ~/.kube/config, and Helm repository authentication
• Secrets Management Systems: HashiCorp Vault tokens (found in ~/.vault-token or environment variables) and related Vault CLI configurations
• Version Control Credentials: GitHub Personal Access Tokens, GitLab tokens, and SSH keys (~/.ssh/id_rsa, ~/.ssh/id_ed25519)
• Package Manager Credentials: npm authentication tokens (~/.npmrc) and PyPI API tokens
• Local Configuration Files: Any file named .env, .env.local, or matching common environment variable patterns
• GPG Signing Keys: Both private and public key rings used for code signing commitments

After collecting credentials, the malware encoded them in Base64 and prepared exfiltration payloads. Based on the Shai-Hulud campaign's historical patterns, the stolen data was likely sent to command-and-control servers via HTTPS, potentially leveraging compromised cloud credentials to route traffic through legitimate API endpoints to evade network-based detection.

The malware also included persistence mechanisms, such as modifying shell configuration files (.bashrc, .zshrc) to re-execute on new terminal sessions and ensure that even if the initial package was uninstalled, credentials could still be harvested from subsequent command executions.

Technical Deep Dive

For developers interested in the technical internals of credential protection, see our guide on Securing Developer Workstations Against Credential Theft.

Attack Timeline: From Compromise to Discovery

The timeline of this attack reveals a meticulous, multi-phase operation that likely spanned weeks before detection.

Phase One - Initial Compromise: Attackers first compromised a Red Hat employee's GitHub account. The specific method of compromise—whether through credential stuffing, phishing, or exploitation of a third-party integration—has not been publicly disclosed by Red Hat. Once inside the employee's account, attackers gained access to repositories containing internal Red Hat tooling packages.

Phase Two - Malicious Injection: Rather than creating new malicious packages from scratch, attackers pushed malicious commits directly to legitimate repositories. They embedded a malicious GitHub Actions workflow that used OpenID Connect (OIDC) tokens from GitHub to authenticate with the npm registry. This sophisticated approach leveraged the principle of least privilege: the workflow only had permissions to publish new package versions, not modify existing ones, making the compromise harder to detect through standard audit log review.

Phase Three - Package Distribution: The backdoored packages were published incrementally, with at least 32 distinct package names and 96 versions distributed under the '@redhat-cloud-services' namespace. The versioning strategy—spreading across multiple versions rather than updating a single popular package—likely aimed to avoid triggering npm's anomaly detection systems that monitor for sudden spikes in version publishing.

Phase Four - Execution Window: Once published, the malicious preinstall scripts executed on any developer machine that installed or updated these packages. With approximately 117,000 weekly downloads before removal, the potential exposure window was significant.

Phase Five - Discovery and Response: The attack was discovered by security researchers monitoring for anomalous package activity. Red Hat confirmed the breach and began an internal investigation. Within hours of initial discovery, all affected packages were removed from the npm registry. The company has not yet disclosed whether they identified the specific attack window or timeline beyond confirming the article publication date of June 1, 2026.

Impact Assessment: Who Was Affected and What Was At Risk

The impact of the Miasma attack extended beyond Red Hat's internal systems, affecting any organization or developer who installed packages from the compromised '@redhat-cloud-services' namespace.

Affected Users

• Red Hat Internal Developers: Employees who installed the backdoored packages as part of their tooling pipeline
• External Project Maintainers: Open source and private projects that depended on these Red Hat packages as dependencies
• Enterprise Customers: Any organization using npm to manage internal tooling that included the compromised packages
• CI/CD Pipeline Operators: Automated systems that installed packages without human review

Data That Could Be Stolen

The malware's credential harvesting routine was comprehensive, targeting the most valuable authentication artifacts developers accumulate:

• Cloud Provider Access Keys: AWS access keys, Google Cloud service account JSON, Azure CLI tokens—any of these could provide unauthorized cloud infrastructure access
• Container Registry Credentials: Docker login tokens that could allow attackers to push malicious container images or pull proprietary images
• Kubernetes Service Account Tokens: These tokens often have broad cluster permissions and could enable container escape or lateral movement within the cluster
• HashiCorp Vault Tokens: If Vault was used for dynamic secret generation, attackers could potentially request additional temporary credentials
• Helm Repository Authentication: Helm charts often contain sensitive configuration; compromised repository access could lead to supply-chain attacks on internal applications
• npm and PyPI Publishing Tokens: Attackers could replace legitimate packages with backdoored versions, extending the attack beyond this single incident
• SSH Keys and GPG Keys: Long-lived keys that provide access to multiple systems and enable code signing for authentic-looking malicious releases
• Environment Configuration Files: .env files often contain database passwords, API keys, and other secrets that developers use across multiple projects

The scale of potential damage cannot be overstated. A single developer workstation with cloud credentials and SSH keys compromised could become a foothold for broader enterprise network access. The combination of cloud credentials with container and Kubernetes tokens creates a complete attack path from local development to production infrastructure.

Red Hat Response and Current Status

Red Hat's response to the incident demonstrates a rapid but measured approach to crisis management.

Immediate Actions

• Package Removal: All 32 compromised packages were removed from the npm registry shortly after confirmation of the breach
• Internal Investigation: Red Hat launched an internal security investigation to determine how the employee account was compromised and what other systems might be affected
• Community Notification: The company issued public statements acknowledging the breach and advising users to check their installed packages
• Support for Affected Users: Red Hat established channels for users who believe they may have installed compromised packages to receive guidance on remediation

Public Statements

Red Hat's official communications emphasized that the impact was limited to internal development tooling. The company explicitly stated there was no evidence of compromise affecting customer environments, partner systems, or production deployments. However, Red Hat has not responded to questions about the specific method by which the employee account was compromised, leaving a critical gap in understanding how attackers gained initial access.

Ongoing Investigation

As of the article publication date, Red Hat's investigation remains ongoing. Security researchers have not yet publicly identified specific threat actors linked to this campaign. The attack shares characteristics with previous Shai-Hulud operations, including the credential-stealing payload structure and use of legitimate cloud APIs for command-and-control communication. However, attribution requires more time and forensic evidence than is currently available.

Recommendations from Red Hat

While awaiting the final investigation report, Red Hat has advised affected users to:

• Uninstall any packages from '@redhat-cloud-services' that were installed after the compromise date
• Rotate all cloud provider access keys that may have been on affected systems
• Regenerate SSH keys and GPG signing keys used for development work
• Review GitHub Actions workflows for unauthorized modifications
• Monitor HashiCorp Vault and other secrets management systems for unusual access patterns

Recommendations: Protecting Your Development Environment

The Miasma attack underscores the critical importance of supply-chain security in modern software development. Developers and organizations should take immediate action to protect themselves.

Individual Developer Protections

• Review Installed Packages: Check your node_modules directory for any packages from '@redhat-cloud-services' and uninstall them
• Audit GitHub Actions Workflows: Review all workflows you have created or modified to ensure no unauthorized changes were made
• Rotate All Credentials: Treat any credentials on machines that installed the compromised packages as compromised. Generate new AWS access keys, SSH keys, and GPG keys
• Check Shell Configurations: Examine .bashrc, .zshrc, and similar files for unexpected modifications
• Use Credential Managers: Consider using dedicated credential management tools rather than storing keys in environment files

Organizational Best Practices

• Supply-Chain Audits: Regularly audit all third-party dependencies for security health and transparency
• Immutable CI/CD Pipelines: Use tools that prevent runtime modification of CI/CD workflows
• Least Privilege Access: Ensure developers and automated systems have the minimum necessary permissions to accomplish their tasks
• Network Monitoring: Implement deep packet inspection for cloud API traffic to detect anomalous patterns
• Secrets Rotation Cadence: Establish regular rotation schedules for all credentials, especially those used in development environments
• Development Environment Isolation: Consider using containerized or virtualized development environments that can be easily recreated and verified

Long-term Strategies

• Signed Package Verification: Use npm's package signing features to verify package authenticity before installation
• Sandboxed Package Installation: Run package installation in sandboxed environments to limit potential damage
• Behavioral Monitoring: Implement monitoring for unusual developer behavior patterns that could indicate compromise
• Security Training: Regular training on supply-chain attack indicators and response procedures
• Incident Response Planning: Develop and regularly test incident response plans for supply-chain breaches

The Miasma attack demonstrates that no developer environment is immune to credential theft. Proactive security measures—implemented before an incident occurs—are the only defense against this evolving threat landscape.

Related Resources

• The Complete Guide to Supply Chain Security - a comprehensive overview of supply chain attack prevention
• Securing npm in Enterprise Environments - best practices for npm security
• Credential Management Strategies for Developers - how to safely store and rotate credentials

Attribution and Context: Place in the Broader Threat Landscape

The Miasma malware represents a new variant of the Shai-Hulud credential-stealing campaign, which has been active since at least 2024. Shai-Hulud attacks have historically targeted JavaScript-based environments, including npm packages and Node.js applications. The naming convention—borrowed from Frank Herbert's Dune universe, where the "Shai-Hulud" is a giant sandworm—suggests a thematic focus on long-term, subterranean attacks that emerge unexpectedly to consume their targets.

Known Attribution

As of the article publication date, no specific threat actor has been publicly attributed to the Miasma campaign. However, security researchers have noted technical similarities between this attack and previous Shai-Hulud operations:

• The credential extraction routines share code patterns with earlier variants
• The use of GitHub Actions OIDC for npm authentication matches a pattern seen in 2025 supply-chain attacks
• The Base64 encoding and HTTPS exfiltration approach is consistent with previous campaigns

Connection to Other Campaigns

While definitive attribution requires more forensic analysis, the following patterns merit investigation:

• Campaign A: An earlier Shai-Hulud variant that compromised npm packages in the '@azure' namespace
• Campaign B: A GitHub Actions workflow abuse campaign that used OIDC tokens to bypass npm authentication
• Campaign C: A credential-stealing operation that targeted cloud provider access keys in developer environments

The Miasma attack appears to combine elements from these campaigns into a more comprehensive credential harvesting operation, suggesting either an evolution of the same threat actor or collaboration between multiple groups.

What This Means for Future Threats

The Miasma attack demonstrates several concerning trends in supply-chain security:

1. Targeting Developer Identity: Attackers are shifting focus from infrastructure compromise to identity compromise, leveraging the rich credential ecosystem modern developers accumulate
2. Multi-Platform Credential Harvesting: The malware's ability to steal credentials across cloud providers, container platforms, and secrets management systems suggests attackers are building comprehensive access rather than isolated footholds
3. Supply-Chain Persistence: By embedding malware in preinstall scripts and modifying shell configurations, attackers ensure long-term access even if the initial package is removed
4. Leveraging Legitimate Authentication: The use of GitHub OIDC tokens to authenticate with npm shows attackers are finding ways to abuse legitimate authentication flows rather than brute-forcing their way in

Organizations should prepare for more sophisticated, credential-centric supply-chain attacks that target the developer as the weakest link in the security chain.

Additional Reading

• Understanding Developer Identity Compromise - how attackers target developer accounts
• Supply Chain Attack Trends 2026 - a yearly review of supply chain attack patterns
• Credential Theft Protection Guide - defense strategies against credential theft campaigns