Miasma malware infects 20+ npm packages in 3-second attack

A coordinated malware campaign has compromised more than 20 npm packages, targeting developer workstations and continuous integration (CI) environments with a self-propagating worm designed to harvest sensitive credentials. The attack, dubbed Miasma, was executed in under three seconds on 24 June 2026, according to Microsoft Threat Intelligence, which identified the incident as part of an ongoing evolution of supply-chain threats in the JavaScript ecosystem.

The attackers gained access to the npm account of a maintainer identified as "czirker" and used it to publish poisoned versions of legitimate packages used by the Leo Platform and RStreams frameworks. Unlike earlier variants of Miasma, which relied on npm installation hooks, this version conceals its payload elsewhere in the installation process and leverages the Bun JavaScript runtime instead of Node.js, likely to evade detection by security tools.

How the attack unfolded

Microsoft’s analysis revealed that the malware operates in two phases. First, it scans infected systems for credentials, including those for AWS, Azure, and Google Cloud, as well as GitHub personal access tokens, Kubernetes secrets, HashiCorp Vault credentials, 1Password data, and npm publishing credentials. Instead of transmitting stolen data to a traditional command-and-control server, the malware commits it to a GitHub repository created under the victim’s account, further obscuring its activity.

In the second phase, the malware attempts to republish any packages the victim maintains, bypassing npm’s two-factor authentication requirements. This tactic not only extends the attack’s reach but also creates a persistent foothold in the supply chain. Sonatype, which also tracked the campaign, noted that the malware’s ability to propagate through legitimate package updates makes it particularly difficult to eradicate.

Impact and mitigation

Organizations using affected packages are advised to assume that developer machines and CI environments may have been compromised. Sonatype recommends a thorough audit of dependency lockfiles, internal package mirrors, build caches, container images, and CI runners to identify and remove lingering copies of the malicious releases. Credential rotation is critical, but experts warn that simply replacing secrets may not be sufficient if the attackers retain access to the compromised environment.

The Miasma campaign has demonstrated a troubling ability to adapt. Its shift from Node.js to Bun, for example, suggests an effort to evade detection by security software that may not yet monitor the newer runtime as closely. The release of the Mini Shai-Hulud toolkit on GitHub has also lowered the barrier for other attackers to deploy similar malware, raising concerns about a potential surge in copycat attacks.

Broader implications

The incident underscores the growing sophistication of supply-chain attacks targeting open-source ecosystems. Unlike traditional malware, which often relies on phishing or social engineering, Miasma exploits the trust inherent in package registries and maintainer accounts. The attack’s speed—completed in under three seconds—highlights the challenges of detecting and mitigating such threats in real time.

Microsoft and Sonatype have both emphasized the need for heightened vigilance among developers and DevOps teams. The use of GitHub repositories for data exfiltration, rather than external servers, complicates detection efforts, as the activity may blend in with legitimate workflows. As the malware continues to evolve, organizations are urged to adopt stricter access controls, multi-factor authentication for package publishing, and automated dependency scanning to reduce their exposure to similar threats.