Back to Feed
Supply ChainJul 15, 2026

​ ​AsyncAPI npm packages infected with credential-stealing malware

AsyncAPI npm packages compromised in supply-chain attack, delivering credential-stealing malware.

Summary

Five malicious versions of AsyncAPI npm packages were published to the Node Package Manager (npm) via a supply-chain attack, compromising over 2.25 million weekly downloads. The attacker exploited a misconfigured GitHub Actions workflow to inject a remote access trojan with info-stealing capabilities, targeting credentials, tokens, and sensitive data from CI/CD systems and AI tools. While some data-harvesting functions were non-operational, the malware established persistence and communicated via multiple channels, though it avoided systems detected as Russian.

Full text

​ ​AsyncAPI npm packages infected with credential-stealing malware By Bill Toulas July 15, 2026 11:37 AM 0 Five malicious versions of AsyncAPI packages were published to the Node Package Manager (npm) in a supply-chain attack that delivered a remote access trojan with info-stealing capabilities. The threat actor exploited a misconfigured GitHub Actions workflow and pushed trojanized packages in the @asyncapi namespace that had a cummulative weekly download count of more than 2.25 million. Multiple security companies confirmed that on July 14, an attacker compromised two AsyncAPI GitHub repositories and injected malware into project files. “Both attacks are CI/CD pipeline compromises, not stolen npm tokens or malicious maintainers,” reads a report from Step Security. The researchers explain that "the attacker pushed commits under a placeholder git identity and let each repository's real release workflow do the publishing via npm's GitHub OIDC trusted-publisher integration." In doing so, the attacker ensured that the resulting packages had the legitimate SLSA provenance attestations, indicating that they originated from an authorized workflow. The malicious AsyncAPI packages pushed to npm are: @asyncapi/generator 3.3.1 (101k weekly downloads) @asyncapi/generator-helpers 1.1.1 (43k weekly downloads) @asyncapi/generator-components 0.7.1 (34k weekly downloads) @asyncapi/specs 6.11.2-alpha.1 and 6.11.2 (2.1 million weekly downloads) Application security company Socket notes that the first-stage implant in the published packages is an obfuscated JavaScript statement that ultimately triggers a downloader when the infected file is imported. A second-stage script, which contains configuration details and the main runtime, is retrieved from the IPFS peer-to-peer content delivery network and launched as a hidden process. Cloud and application security company Wiz says that the third-stage payload "is a 92,000-line malware framework with modular architecture," which establishes persistence on the system and communicates with the command-and-control (C2) server over several channels: HTTP, Nostr relays, Ethereum smart contracts, and a libp2p mesh network. Attack flow diagramSource: Step Security Although the final payload uses artifact names and configuration files pointing to the Miasma backdoor seen in past supply-chain attacks [1, 2], SafeDep researchers believe that the malware is "either a private, parallel build by the same operators or a separate group that adopted the Miasma brand after the source was published." Its purpose appears to be stealing secrets, which include credentials, authentication keys, tokens, browser data, sensitive info from CI/CD systems and AI developer tools, cryptocurrency wallets, and databases. Additionally, the malware code allows it to download the Gitleaks and HackBrowserData tools to help with collecting sensitive info. However, a report from cybersecurity company Aikido notes that all these functions do not work and the data harvesting tool exits before collecting anything. Nevertheless, the researchers say that all this can be achieved manually using the shell. Ox Security also noted that the malware performs a local check for Russia, and if there’s a match, it terminates its process. As of writing, all five versions of the four malicious packages have been removed from npm, but developers should note that existing installations and lock files created during the exposure window may still contain the malicious releases. The exposure window extends to approximately four hours and seven minutes, between 07:10 and 11:18 UTC on July 14. The recommended action is to pin to known-good files, regenerate lock files, remove the hidden ‘NodeJS/sync.js’ payload, terminate all malicious processes, and rotate credentials on the impacted systems. Test every layer before attackers do Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection. Get the whitepaper Related Articles: GitHub announces npm security changes to tackle supply-chain attacksGitHub disables Microsoft repos pushing password-stealing malwareNew IronWorm malware hits 36 packages in npm supply-chain attackNew Shai-Hulud malware wave compromises 600 npm packagesShai Hulud attack ships signed malicious TanStack, Mistral npm packages

Indicators of Compromise

  • malware — Miasma backdoor

Entities

@asyncapi/generator (product)@asyncapi/generator-helpers (product)@asyncapi/generator-components (product)@asyncapi/specs (product)npm (technology)GitHub Actions (technology)