Supply ChainJul 14, 2026
Compromised npm Packages in the AsyncAPI Namespace Deliver Miasma Botnet Loader
Compromised npm packages in the @asyncapi namespace distribute Miasma botnet loader.
Summary
Three npm packages within the @asyncapi namespace have been compromised, distributing a multi-stage botnet loader known as Miasma. The malicious code is injected into utility functions and executes upon package import, downloading an encrypted second-stage payload from IPFS. The botnet exhibits capabilities for command execution, file operations, credential harvesting, and multi-protocol C2.
Full text
Research/Security Newsjscrambler npm Package Compromised in Supply Chain AttackA compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.By Socket Research Team - Jul 11, 2026
Indicators of Compromise
- url — https://ipfs[.]io/ipfs/QmQobZSp1wRPrpSEQ56qnyq7ecZh5Bg5k1fnjt4SUwwHb9
- ip — 85[.]137[.]53[.]71
- malware — Miasma
Entities
@asyncapi/generator-helpers (product)@asyncapi/generator-components (product)@asyncapi/generator (product)npm (technology)IPFS (technology)