
Critical Supply Chain Attack: 31 Red Hat Cloud Services npm Packages Backdoored to Steal Cloud and Dev Credentials

dark6, 2 June 2026

A significant supply chain attack struck on June 1, 2026, targeting over 30 official packages under the @redhat-cloud-services npm scope. The campaign, dubbed “Miasma: The Spreading Blight,” is a new variant of the Mini Shai-Hulud malware family — a sophisticated credential-stealing worm previously linked to threat actor group TeamPCP. Organizations using any of the affected packages should treat all their secrets and credentials as compromised immediately.

A Trusted Namespace Turned Weapon

This is not a typosquatting campaign. The attackers hijacked a legitimate, trusted npm namespace and published backdoored versions of widely used frontend components, API clients, and developer tooling. According to detections from Aikido and JFrog, the malicious packages were published via GitHub Actions OIDC tokens, which points to a compromised CI/CD pipeline rather than individual developer accounts: with OIDC trusted publishing there is no long-lived npm token to steal, so whoever controls the workflow or its runner can publish as the project.

Each poisoned package declares a preinstall lifecycle script in its package.json. npm runs that script automatically during every npm install or npm ci of any project that depends on the package, before any application code runs, unless scripts are disabled. The script executes a 4.2 MB obfuscated payload whose loader uses a multi-stage decryption chain (numeric character arrays, a ROT-style transform, and AES-128-GCM blobs) to evade static detection, then drops a transient Bun-based payload to /tmp/p*.js for execution.

Sweeping Credential Theft Across Cloud and Dev Infrastructure

Once active, the Miasma malware performs sweeping credential collection targeting:

  • GitHub tokens — classic, fine-grained, and GitHub Actions OIDC tokens
  • Cloud credentials — AWS access keys, GCP service account files, Azure service principal and managed identity tokens
  • Infrastructure secrets — Kubernetes service account tokens and kubeconfig files, HashiCorp Vault tokens
  • Developer tooling — npm and PyPI publish tokens, SSH private keys, Docker registry credentials, GPG keys, and .env files across the filesystem

In cloud environments, the malware goes beyond static files. It actively queries AWS Secrets Manager, SSM Parameter Store, Azure Key Vault, and GCP Secret Manager when permissions allow. GitHub Actions runners are a prime target: the payload reads secrets directly from runtime process memory, bypassing workflow log masking entirely.

Sophisticated Evasion and Persistence

A notable evasion technique is sending exfiltration traffic to api.anthropic.com/v1/api. The host is Anthropic's real API endpoint, so the connections blend into network logs at organizations that already use Anthropic services; only the path gives it away, because /v1/api is not a valid Anthropic route. Defenders should hunt for node or Bun processes contacting this host from CI runners or developer machines, and for any request to it with that path regardless of the originating process.

The malware also uses a GitHub dead-drop model, creating public repositories under victim accounts with the description “Miasma: The Spreading Blight” and committing stolen credentials as JSON result files. It installs persistent monitoring services (kitty-monitor.service on Linux, com.user.kitty-monitor.plist on macOS), injects hooks into AI developer tools including Claude, Codex, and Copilot, and adds VS Code folder-open tasks that re-execute the payload.

Most critically, a destructive token monitor called gh-token-monitor watches the stolen GitHub tokens. If a token is revoked while the persistence is still in place, the monitor can execute destructive commands, including wiping the user's home directory. Incident responders must therefore isolate affected machines from the network and remove persistence before revoking any tokens.

Affected Package Versions

Any project that installed any of the following @redhat-cloud-services packages on or after June 1, 2026 should be treated as compromised. Key affected packages include: @redhat-cloud-services/chrome (2.3.1), @redhat-cloud-services/frontend-components (7.7.2), @redhat-cloud-services/rbac-client (9.0.3), @redhat-cloud-services/host-inventory-client (5.0.3), and 27 additional packages across the @redhat-cloud-services scope.

Immediate Mitigation Steps

  • Run npm uninstall on all affected packages, pin dependencies to versions published before the compromise window, and regenerate the lockfile from a clean checkout.
  • Use npm ci --ignore-scripts in CI pipelines as a temporary safeguard against preinstall hook abuse. This also skips legitimate lifecycle scripts (native-module builds, for example), so some dependencies may need manual build steps, and it does nothing against malicious code that runs when the package is required.
  • Remove all persistence mechanisms (kitty-monitor, gh-token-monitor) from affected machines before revoking any tokens.
  • Inspect .claude/settings.json, .vscode/tasks.json, and ~/.config/index.js for injected hooks.
  • Audit npm and GitHub accounts for unexpected patch-version publishes or repositories matching the “Miasma: The Spreading Blight” description.
  • Rotate all exposed credentials — GitHub tokens, npm tokens, cloud keys, SSH keys, Vault tokens, and Kubernetes service account tokens — only after persistence is confirmed removed.
  • Rebuild affected CI runners and developer workstations from clean images.

This attack represents a sophisticated and wide-ranging supply chain compromise that threatens organizations relying on Red Hat Cloud Services npm packages across their development pipelines. The scope, stealth, and destructive potential of Miasma make it one of the most serious npm supply chain incidents of 2026.
