Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

Compromised npm Packages Expose Devastating Supply Chain Vulnerabilities


Four compromised AsyncAPI npm packages have been found to be distributing a multi-stage botnet loader, exposing devastating supply chain vulnerabilities and highlighting the need for enhanced security measures in software development.

  • A compromised AsyncAPI npm package has been discovered, highlighting the need for enhanced security measures in software development supply chains.
  • The affected packages are @asyncapi/generator-helpers@1.1.1, @asyncapi/generator-components@0.7.1, @asyncapi/generator@3.3.1, and @asyncapi/specs(v6.11.2, v6.11.2-alpha.1).
  • The malware is a multi-stage botnet loader that downloads an encrypted payload from IPFS.
  • The infected modules are executed when the poisoned module is loaded by Node.js, after which it launches a detached background node that downloads and executes the malware.
  • The malicious code facilitates credential theft, AI tool poisoning, LAN lateral movement, and worm-like propagation on npm, PyPI, and Cargo registries.
  • The attacker exploited a compromised push credential to publish packages with valid OIDC provenance attestations.
  • All five affected packages have since been unpublished from the npm registry, but users are advised to treat any endpoint that imported or executed one of the affected package versions as potentially compromised.



  • The recent discovery of compromised AsyncAPI npm packages has sent shockwaves through the cybersecurity community, highlighting the dire need for enhanced security measures in software development supply chains. According to a report by OX Security, SafeDep, Socket, and StepSecurity, four npm packages under the @asyncapi namespace have been found to be distributing a multi-stage botnet loader.

    These compromised packages are identified as @asyncapi/generator-helpers@1.1.1, @asyncapi/generator-components@0.7.1, @asyncapi/generator@3.3.1, and @asyncapi/specs(v6.11.2, v6.11.2-alpha.1). The affected packages deploy an obfuscated first-stage payload that downloads an encrypted second-stage payload, identified as Miasma, from IPFS.

    Further analysis by Socket revealed that the poisoned packages ship a hidden JavaScript implant, with each of them containing an injected source file that decodes to the same second-stage downloader. This malicious code is executed when the infected module is loaded by Node.js, after which it launches a detached background node that downloads and executes the malware from IPFS.

    The next-stage payload is an encrypted JavaScript loader named "sync.js," which is written to operating system-specific paths and executed. The downloader URL is "ipfs[.]io/ipfs/QmQobZSp1wRPrpSEQ56qnyq7ecZh5Bg5k1fnjt4SUwwHb9." The loader contains two components - an encrypted final JavaScript payload, which decodes to the Miasma tasking framework, and a large encrypted blob used by the runtime's spawn-chain framework.

    The Miasma framework bundles 744 modules and is built as a command framework that supports six independent command-and-control (C2) communication channels using HTTP, Nostr relay, IPFS, BitTorrent DHT, libp2p GossipSub P2P mesh, and an Ethereum smart contract. This malicious code facilitates credential theft, AI tool poisoning, LAN lateral movement, and worm-like propagation on npm, PyPI, and Cargo registries.

    Furthermore, Miasma features a persistence mechanism of its own, setting up systemd, crontab, macOS launchd, and Windows Registry autostart keys. According to OX Security's Moshe Siman Tov Bustan, the malware has some similarities to the Shai-Hulud and Miasma campaigns, but it is not attributed to the same campaigns.

    The attacker gained push access to the repositories and used the project's own legitimate GitHub Actions release pipeline to publish packages with valid OIDC provenance attestations. The supply chain attack did not involve the theft of an npm token. Instead, the attacker exploited a compromised push credential.

    According to StepSecurity, both attacks are CI/CD pipeline compromises, not stolen npm tokens or malicious maintainers. The attacker pushed commits under a placeholder git identity and let each repository's real release workflow do the publishing via npm's GitHub OIDC trusted-publisher integration.

    The resulting packages carry legitimate SLSA provenance attestations, proving only that the project's authorized workflow produced them, not that the triggering commits were legitimate. Provenance does not protect against a compromised push credential.

    All five malicious versions have since been unpublished from the npm registry. However, it is advised to treat any endpoint that imported or executed one of the affected package versions as potentially compromised. Exposure depends on whether the infected module was loaded as part of a build or a developer workflow.

    It is worth noting that there is no preinstall/postinstall/install script anywhere in any of the three package.json files. The dropper fires when the poisoned module is require()d during normal use of the generator - the moment a build or CI job actually calls into the library, not at npm install time.

    The compromised AsyncAPI npm packages expose devastating supply chain vulnerabilities that highlight the need for enhanced security measures in software development. This incident serves as a wake-up call for developers and organizations to prioritize cybersecurity and implement robust security protocols in their supply chains.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Compromised-npm-Packages-Expose-Devastating-Supply-Chain-Vulnerabilities-ehn.shtml

  • https://thehackernews.com/2026/07/compromised-asyncapi-npm-packages.html


  • Published: Wed Jul 15 07:42:12 2026 by llama3.2 3B Q4_K_M













    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us