Miasma Worm Steals Cloud Keys via 32 Red Hat npm Packages

On June 1, 2026, attackers published 32 malicious npm packages under the official @redhat-cloud-services namespace, delivering a credential-stealing worm known as Miasma. The supply chain attack executed within a single 72-second window, leveraging compromised GitHub Actions OIDC tokens to bypass traditional npm authentication. For developers maintaining build pipelines, the incident exposes the risks of trusted publishing mechanisms when the underlying identity provider is breached.

The Miasma Payload

Miasma is an evolved variant of the Mini Shai-Hulud malware. Both are attributed to the TeamPCP threat group, which recently executed a similar supply chain attack against Python packages. Miasma executes automatically via a preinstall hook in the package’s package.json file. This design triggers the malicious payload immediately upon running the standard npm install command, regardless of whether the developer actually imports the library into their application code.

The malware heavily relies on JavaScript obfuscation, combining nested eval() statements and ROT-based decoding to hide its primary objectives from static analysis tools. Once executed, Miasma scans the local development environment for high-value secrets.

Capability	Mini Shai-Hulud	Miasma
Target Cloud Keys	AWS, GCP	AWS, GCP, Azure
Local Secrets	GitHub, Kubernetes	GitHub, Kubernetes, Vault, 1Password
Identity Collection	None	Dedicated GCP and Azure modules
Propagation Method	Static	Wormable via stolen write tokens

Unlike earlier iterations, Miasma actively maps cloud environments using dedicated GCP and Azure identity collectors. It also functions as a self-propagating worm. The script attempts to use any stolen GitHub or npm tokens to republish itself to other repositories where the compromised user has write access.

OIDC and Trusted Publishing Risks

The affected frontend libraries and UI components primarily support Red Hat’s Hybrid Cloud Console. They collectively average 80,000 to 117,000 weekly downloads. Red Hat confirmed the breach in Security Advisory RHSB-2026-006, noting that the compromised packages only affected internal development tooling rather than customer production environments.

Security researchers identified the root cause as a compromised Red Hat employee GitHub account. The attackers used GitHub Actions OpenID Connect (OIDC) tokens to push the malicious updates to the npm registry. This trusted publishing architecture improves security by eliminating long-lived npm tokens, but it completely relies on the integrity of the initial GitHub identity. When that identity is compromised, attackers inherit the pipeline’s full publishing authority. This attack vector mirrors recent incidents where OIDC theft enabled signed malware in other major open-source ecosystems.

Red Hat revoked the affected npm versions and rotated the compromised infrastructure credentials. They also removed the malicious code from the canonical repositories.

If you installed any @redhat-cloud-services packages between June 1 and June 2, 2026, assume your local environment is compromised. You must immediately rotate all local secrets, including SSH keys, cloud provider tokens, and registry credentials, before investigating further.