The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Miasma Expands Software Supply Chain Attacks Through Compromised CI/CD Infrastructure

Jun 15, 2026 2:57:00 PM / by The Hivemind

MIASMA2026Verticals Targeted: Software Development
Regions Targeted: Global
Related Families: Miasma, Mini Shai-Hulud

Executive Summary

Miasma is a software supply chain malware campaign targeting developer ecosystems, CI/CD pipelines, GitHub repositories, and open-source package registries. Earlier this month, researchers identified a compromise affecting at least 32 packages and more than 90 malicious package versions published under the @redhat-cloud-services npm namespace. Collectively, the affected packages averaged approximately 80,000 weekly downloads. The campaign abused GitHub Actions OpenID Connect (OIDC) trusted publishing workflows to distribute malicious packages with valid provenance attestations, demonstrating how legitimate software supply chain trust mechanisms can be weaponized following compromise of upstream development infrastructure. Miasma harvests GitHub credentials, cloud identities, CI/CD secrets, SSH keys, and other sensitive developer assets that could facilitate compromise of additional repositories, software packages, and development environments. The campaign highlights the increasing sophistication of attacks targeting software development infrastructure rather than traditional end-user systems.

Key Takeaways

  • Researchers identified at least 32 compromised packages and more than 90 malicious package versions within the @redhat-cloud-services npm namespace.
  • The affected packages collectively received approximately 80,000 weekly downloads prior to disclosure.
  • Miasma appears to be derived from or inspired by the publicly released Mini Shai-Hulud malware family.
  • Attackers abused GitHub Actions OIDC trusted publishing workflows to distribute malicious packages with valid SLSA provenance attestations.
  • The malware targets GitHub credentials, GitHub Actions secrets, npm tokens, SSH keys, cloud credentials, Kubernetes secrets, Vault tokens, and CI/CD assets.
  • Researchers observed multiple waves of activity, including newer variants leveraging Node.js build mechanisms and binding.gyp execution techniques.
  • Subsequent reporting linked related Miasma activity to 73 Microsoft repositories that were disabled following discovery of malicious modifications.

Threat Overview

Multiple security vendors disclosed a software supply chain compromise involving packages published under the @redhat-cloud-services npm namespace. Investigations by industry researchers determined that attackers inserted credential-stealing malware into trusted software packages distributed through legitimate release channels. Public reporting indicates the attackers gained access to the RedHatInsights software development environment and introduced malicious orphan commits into repositories including frontend-components, javascript-clients, and platform-frontend-ai-toolkit. These modifications enabled the publication of trojanized package versions through trusted CI/CD workflows. Multiple vendors including Wiz, Microsoft, and StepSecurity, reported on Miasma.

Unlike many previous npm compromises that relied solely on stolen maintainer credentials or npm access tokens, Miasma leveraged GitHub Actions OIDC trusted publishing workflows. As a result, the malicious packages were published with legitimate-looking provenance metadata, demonstrating that trusted software signing and verification mechanisms can still be abused when upstream build infrastructure is compromised.

Researchers have described Miasma as a descendant or derivative of TeamPCP’s Mini Shai-Hulud malware family. Following the public release of Mini Shai-Hulud source code earlier in 2026, multiple copycat and derivative campaigns emerged targeting developer ecosystems and software supply chains.

Technical Analysis

Microsoft reported more than 90 malicious package versions across 32 affected packages within the @redhat-cloud-servicesnpm namespace. According to public reporting, the attackers executed two waves of malicious commits within a short timeframe, injecting GitHub Actions workflows that requested id-token: write permissions to obtain OIDC identity tokens. These workflows executed obfuscated JavaScript payloads that ultimately published malicious package versions through trusted publishing mechanisms.

The malware relies heavily on JavaScript obfuscation techniques, including encoded strings, runtime decoding functions, and extensive use of dynamic execution methods. Researchers noted similarities between the code structure of Miasma and the earlier Mini Shai-Hulud malware family, though attribution remains complicated by the public availability of the original source code. At this time, it remains unclear whether Miasma can be directly attributed to TeamPCP.

Once executed, Miasma performs extensive credential harvesting activities targeting both developer workstations and automated build environments. Observed targets include:

  • GitHub credentials and access tokens
  • GitHub Actions secrets
  • AWS credentials
  • Azure credentials
  • Google Cloud credentials
  • Kubernetes service account tokens
  • HashiCorp Vault credentials
  • npm publishing tokens
  • CircleCI credentials
  • SSH keys
  • Git credentials

Researchers additionally reported attempts to scrape GitHub Actions runner memory for secrets, collect credentials from CI/CD environments, and harvest identities capable of providing access to additional development infrastructure.

One of the most significant findings associated with Miasma is its abuse of GitHub Actions OIDC trusted publishing workflows. Unlike traditional package compromises that require theft of npm publishing tokens, the attackers leveraged GitHub's trusted publishing architecture to obtain short-lived identity credentials directly from GitHub Actions workflows. This allowed malicious packages to be published through legitimate release mechanisms while retaining valid provenance metadata, complicating downstream trust decisions and software supply chain verification processes.

By leveraging legitimate publishing mechanisms rather than directly stealing npm publishing tokens, attackers were able to generate package releases carrying cryptographically valid SLSA provenance attestations despite the malicious content. This represents a notable evolution in software supply chain tradecraft and challenges assumptions that provenance verification alone is sufficient to establish software integrity.

Subsequent reporting identified additional campaign waves that abused Node.js build mechanisms and binding.gypconfigurations to trigger execution during package installation. These techniques reduce reliance on traditional npm lifecycle scripts such as preinstall and postinstall, which are more commonly scrutinized by developers and security tools. Researchers also documented activity involving developer tooling, development environments, and repository workflows. This reflects a broader trend toward targeting software development infrastructure rather than end-user systems.

Campaign Evolution

Miasma represents the latest evolution of a software supply chain threat lineage that has rapidly matured throughout 2026. While early Mini Shai-Hulud variants focused primarily on credential theft and package compromise, Miasma demonstrates a significant expansion in both targeting scope and operational sophistication.

Abuse of Trusted Publishing Infrastructure

Traditional npm supply chain attacks often rely on stolen maintainer credentials or compromised publishing tokens. Miasma instead abused GitHub Actions OIDC trusted publishing workflows to generate malicious releases with legitimate provenance attestations. This distinction is significant because many organizations increasingly rely on provenance validation and software signing mechanisms to establish trust in software artifacts. The campaign demonstrates that trust mechanisms can still be undermined when attackers gain access to upstream build infrastructure.

Expansion of Cloud Credential Collection

Compared to earlier Mini Shai-Hulud variants, Miasma expanded credential collection capabilities to target a broader range of cloud-native environments. Researchers observed collection attempts involving AWS, Azure, Google Cloud, Kubernetes service accounts, HashiCorp Vault deployments, GitHub Actions secrets, npm publishing tokens, and other CI/CD assets. This shift reflects the growing value of cloud identities and development infrastructure as targets for threat actors seeking privileged access into enterprise environments.

Evolution Beyond Lifecycle Scripts

Initial Miasma activity relied heavily on npm lifecycle hooks such as preinstall to trigger execution during package installation. Later variants incorporated execution through binding.gyp and Node.js build workflows. This evolution suggests operators are actively adapting techniques in response to increased scrutiny of traditional lifecycle scripts and package installation behavior.

Increased Focus on Developer Tooling

Public reporting indicates that some campaign activity extended beyond package installation and credential theft into developer tooling and repository workflows. Researchers observed attempts to leverage development environments, repository configurations, and software engineering workflows as additional attack surfaces. This reflects a broader industry trend in which attackers increasingly target software development infrastructure rather than end-user systems.

Defensive Implications

The Miasma campaign highlights several important lessons for organizations that develop, publish, or consume software packages:

  • First, software provenance alone should not be treated as a guarantee of trust. Miasma demonstrated that attackers can leverage legitimate publishing infrastructure and trusted workflows when upstream development environments are compromised.
  • Second, modern software supply chain attacks increasingly target identities rather than endpoints. The campaign focused heavily on cloud credentials, CI/CD secrets, source code repositories, and publishing infrastructure rather than deploying traditional malware to end-user systems.
  • Third, software development environments have become high-value targets. Build systems, package repositories, source code platforms, and developer workstations increasingly contain the credentials necessary to compromise large portions of an organization's software ecosystem.
  • Finally, organizations should assume that a software supply chain compromise extends beyond the affected package itself. Because Miasma harvested credentials associated with development infrastructure, package repositories, and cloud environments, the installation of a malicious package may represent only the initial stage of a broader compromise.

Analyst Commentary

Miasma represents one of the most significant software supply chain incidents observed in 2026 due to its abuse of trusted software publishing infrastructure rather than traditional package repository compromise alone. The campaign demonstrates that modern supply chain security controls, including trusted publishing workflows and software provenance mechanisms, can still be undermined when attackers gain access to upstream development environments.

Particularly noteworthy is the malware's use of GitHub Actions OIDC trusted publishing workflows to distribute malicious packages carrying legitimate provenance metadata. This technique challenges assumptions that provenance verification alone is sufficient to establish software integrity. Combined with broad credential harvesting functionality and mechanisms capable of enabling further repository compromise, Miasma illustrates how compromises of developer infrastructure can rapidly expand into downstream ecosystems.

PolySwarm's crowdsourced threat intelligence ecosystem enables defenders to compare detections across multiple security vendors and researchers, helping identify suspicious software artifacts, malicious package variants, and emerging supply chain threats that may evade individual security products. As attacks increasingly target software development infrastructure and trusted publishing systems, access to diverse threat intelligence can help organizations validate software artifacts more effectively and reduce exposure to compromised dependencies.

IOCs

PolySwarm has multiple samples of Miasma.

 

1259284706ec9ffbcccbede1e8055c1a4fa5fd69885dfb982ccd06df2fb83d0a

0d1e742c4f94d592d6b824cf7cb9dfebd8c2a323345080a6524d0352d1cd479c

 

Click here to view all samples of Miasma in our PolySwarm portal.

 

Don’t have a PolySwarm account? Go here to sign up for a free Community plan or subscribe.

Contact us at hivemind@polyswarm.io | Check out our blog | Subscribe to our reports.

 

Topics: Threat Bulletin, Supply Chain Attack, Mini Shai-Hulud, GitHub Actions, Miasma, npm, SLSA, Open Source Security, CI/CD Security

The Hivemind

Written by The Hivemind

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More