[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fPXwMvQmXro7yppV53O0ssIiVvIYA8GcLdHFVKuX2LVg":3},{"article":4,"iocs":55},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":32,"category":33,"article_tags":37},"95c9e168-3b9d-463a-b02b-2b91c5dba3e7","Compromised AsyncAPI npm Packages Deliver Multi-Stage Botnet Malware","compromised-asyncapi-npm-packages-deliver-multi-stage-botnet-malware-906c19","Four compromised npm packages in the @asyncapi namespace have been observed distributing a multi-stage botnet loader, according to findings from OX Security, SafeDep, Socket, and StepSecurity. The affected packages are listed below - @asyncapi\u002Fgenerator-helpers@1.1.1 @asyncapi\u002Fgenerator-components@0.7.1 @asyncapi\u002Fgenerator@3.3.1 @asyncapi\u002Fspecs(v6.11.2, v6.11.2-alpha.1) \"The","Four npm packages within the @asyncapi namespace have been compromised to distribute a multi-stage botnet loader identified as Miasma. The malicious code is executed when the infected module is loaded by Node.js, downloading an encrypted payload from IPFS. The malware supports multiple C2 communication channels and includes persistence mechanisms, credential theft, and lateral movement capabilities.","Compromised npm packages in @asyncapi namespace distribute multi-stage botnet malware.","Compromised AsyncAPI npm Packages Deliver Multi-Stage Botnet Malware Ravie LakshmananJul 15, 2026Malware \u002F Software Security Four compromised npm packages in the @asyncapi namespace have been observed distributing a multi-stage botnet loader, according to findings from OX Security, SafeDep, Socket, and StepSecurity. The affected packages are listed below - @asyncapi\u002Fgenerator-helpers@1.1.1 @asyncapi\u002Fgenerator-components@0.7.1 @asyncapi\u002Fgenerator@3.3.1 @asyncapi\u002Fspecs(v6.11.2, v6.11.2-alpha.1) \"The compromised packages deploy an obfuscated first-stage payload that downloads an encrypted second-stage payload, identified as Miasma, from IPFS,\" Socket said. The poisoned packages ship a hidden JavaScript implant, with each of them containing an injected source file that decodes to the same second-stage downloader. Unlike previous iterations that leveraged install hooks to trigger the execution of a JavaScript payload, the malicious code in this case is run when the infected module is loaded by Node.js, after which it launches a detached background node that downloads and executes the malware from IPFS. The next-stage payload is an encrypted JavaScript loader named \"sync.js,\" which is written to operating system-specific paths and executed. The downloader URL is \"ipfs[.]io\u002Fipfs\u002FQmQobZSp1wRPrpSEQ56qnyq7ecZh5Bg5k1fnjt4SUwwHb9.\" The loader contains two components - The encrypted final JavaScript payload, which decodes to the Miasma tasking framework A large encrypted blob used by the runtime's spawn-chain framework The framework bundles 744 modules and is built as a command framework that supports six independent command-and-control (C2) communication channels using HTTP, Nostr relay, IPFS, BitTorrent DHT, libp2p GossipSub P2P mesh, and an Ethereum smart contract. Besides facilitating credential theft, AI tool poisoning, LAN lateral movement, and worm-like propagation on npm, PyPI, and Cargo registries, Miasma features a persistence mechanism of its own, setting up a systemd, crontab, macOS launchd, and Windows Registry autostart keys. \"Although the malware has some similarities to the Shai-Hulud and Miasma campaigns, and it contains the Miasma string multiple times inside its code, this malware isn't the same as them, nor is it attributed to the Miasma\u002FShai-Hulud\u002FTeamPCP campaigns that we've seen in the past,\" OX Security's Moshe Siman Tov Bustan said. Furthermore, it incorporates a dead man's switch that monitors a stolen token and triggers a directory wipe if the token is revoked, while avoiding systems identified as sandboxes or virtual environments, as well as those that have their current language set to Russian or have security tools from CrowdStrike, SentinelOne, Microsoft Defender, CarbonBlack, Cylance, Osquery, Tanium, and Qualys installed. \"Its clearest operational path is REST-based C2: the implant beacons to an HTTP endpoint, accepts encrypted tasking, and posts command results back to the same infrastructure. Around that core, the payload also carries support for upload transport, command ciphering, node signing, payload updates, file management, shell execution, and persistence writing.\" According to StepSecurity, the attacker is said to have gained push access to the repositories and used the project's own legitimate GitHub Actions release pipeline to publish packages with valid OIDC provenance attestations. The supply chain attack did not involve the theft of an npm token. \"Both attacks are CI\u002FCD pipeline compromises, not stolen npm tokens or malicious maintainers,\" security researcher Rohan Prabhu said. \"The attacker pushed commits under a placeholder git identity and let each repository's real release workflow do the publishing via npm's GitHub OIDC trusted-publisher integration.\" \"The resulting packages carry legitimate SLSA provenance attestations, proving only that the project's authorized workflow produced them, not that the triggering commits were legitimate. Provenance does not protect against a compromised push credential.\" All five malicious versions have since been unpublished from the npm registry. It's advised to treat any endpoint that imported or executed one of the affected package versions as potentially compromised. However, it bears noting that exposure depends on whether the infected module was loaded as part of a build or a developer workflow. \"There is no preinstall\u002Fpostinstall\u002Finstall script anywhere in any of the three package.json files,\" StepSecurity said. \"This dropper fires when the poisoned module is require()d during normal use of the generator: the moment a build or CI job actually calls into the library, not at npm install time.\" Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share Share SHARE  botnet, CI\u002FCD Security, Cloud security, Credential Theft, Developer Security, Malware, Open Source Security, Software Security, Supply Chain Attack ⚡ Top Stories This Week 16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA Court Filing Reveals Windows Device ID Helped FBI Trace Alleged Scattered Spider Hacker Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots RedWing MaaS Packages Android Bank Fraud as a Telegram Rental Service 15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros GitHub Copilot Refuses Harmful Requests in Chat, Then Writes Them in Code New HalluSquatting Attack Could Trick AI Coding Assistants Into Installing Botnet Malware GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents Top AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It Meta's New AI Image Tool Lets Others Use Your Public Instagram Photos in AI Images ThreatsDay: Cloud Bucket Hijacking, Windows LPE Chain, Global Fraud Bust + 17 More Stories Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs Attackers Exploit 'Ill Bloom' Vulnerability to Drain Over $5 Million From Cryptocurrency Wallets Unpatched XRING Flaw in XQUIC Lets Remote Clients Crash HTTP\u002F3 Servers Researcher Details WhatsApp-to-Host Attack Chain Using Three OpenClaw Flaws New TrojPix Attack Leaks Data From Air-Gapped Systems via Video Cable Emissions Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices New \"Bad Epoll\" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android Google Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices European Parliament Member Investigating Spyware Was Hacked With Pegasus ⭐ Featured Resources What 200+ Security Teams Reveal About Using IP Intelligence in 2026 Get Hands-On SANS Training for Today’s Cyber Defense and Offensive Security Challenges See What’s Really Exposed Across Your IT, OT, IoT, Cloud, and Mobile Assets Get Gartner’s Guide to AI Agent Supervision and Runtime Controls","https:\u002F\u002Fthehackernews.com\u002F2026\u002F07\u002Fcompromised-asyncapi-npm-packages.html","https:\u002F\u002Fblogger.googleusercontent.com\u002Fimg\u002Fb\u002FR29vZ2xl\u002FAVvXsEgXEluWW9TuNGlzu9wVHSDBzAeUuoRS9Om8kX9yzH-HwCjggh-N5ycLyuJ82oY3MP4Uvf9yF_PqwKhcZepDBEH_pOb3td4dPRuuGSWi5XndfpeuqiMipzKIq0Vofc-hOBGj4nWxmXbjMS7RvHkZCUSHloOpsS6m7jpwwFX-2KUkYwrQdt-ClrGXpt2C9TxC\u002Fs1600\u002Fasync-npm.jpg","2026-07-15T09:16:13+00:00","2026-07-15T10:00:21.574363+00:00",9,[18,21,23,25,27,30],{"name":19,"type":20},"@asyncapi\u002Fgenerator-helpers","product",{"name":22,"type":20},"@asyncapi\u002Fgenerator-components",{"name":24,"type":20},"@asyncapi\u002Fgenerator",{"name":26,"type":20},"@asyncapi\u002Fspecs",{"name":28,"type":29},"npm","technology",{"name":31,"type":29},"IPFS","26b0b636-0e31-4db1-bffb-61bdf9f20a58",{"id":32,"icon":34,"name":35,"slug":36},null,"Supply Chain","supply-chain",[38,40,45,50],{"category":39},{"id":32,"icon":34,"name":35,"slug":36},{"category":41},{"id":42,"icon":34,"name":43,"slug":44},"89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5","Malware","malware",{"category":46},{"id":47,"icon":34,"name":48,"slug":49},"ade75414-7914-4e23-a450-48b64546ee70","Open Source","open-source",{"category":51},{"id":52,"icon":34,"name":53,"slug":54},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[56,60,63,66,69],{"type":57,"value":58,"context":59},"mitre_attack","T1059.003","Execution: Command and Scripting Interpreter: Windows Command Shell (implied by Windows Registry autostart keys)",{"type":57,"value":61,"context":62},"T1547.001","Persistence: Boot or Logon Autostart Execution: Registry Run Keys \u002F Startup Folder (Windows Registry autostart keys)",{"type":57,"value":64,"context":65},"T1071.001","Command and Control: Application Layer Protocol: Web Protocols (REST-based C2)",{"type":57,"value":67,"context":68},"T1041","Exfiltration Over C2 Channel (implied by posting command results back to infrastructure)",{"type":57,"value":70,"context":71},"T1027","Obfuscated Files or Information (obfuscated first-stage payload)"]