Back to Feed
Supply ChainJul 14, 2026

Compromised npm Packages in the AsyncAPI Namespace Deliver Miasma Botnet Loader

Compromised npm packages in the @asyncapi namespace distribute Miasma botnet loader.

Summary

Three npm packages within the @asyncapi namespace have been compromised, distributing a multi-stage botnet loader known as Miasma. The malicious code is injected into utility functions and executes upon package import, downloading an encrypted second-stage payload from IPFS. The botnet exhibits capabilities for command execution, file operations, credential harvesting, and multi-protocol C2.

Full text

Research/Security Newsjscrambler npm Package Compromised in Supply Chain AttackA compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.By Socket Research Team - Jul 11, 2026

Indicators of Compromise

  • url — https://ipfs[.]io/ipfs/QmQobZSp1wRPrpSEQ56qnyq7ecZh5Bg5k1fnjt4SUwwHb9
  • ip — 85[.]137[.]53[.]71
  • malware — Miasma

Entities

@asyncapi/generator-helpers (product)@asyncapi/generator-components (product)@asyncapi/generator (product)npm (technology)IPFS (technology)