Credential-stealing malware found in AsyncAPI npm packages

▼ Summary
– Five malicious AsyncAPI packages were published to npm in a supply-chain attack, delivering a remote access trojan with info-stealing capabilities.
– The attacker compromised two AsyncAPI GitHub repositories via CI/CD pipeline exploits, pushing trojanized packages that had over 2.25 million weekly downloads.
– The malware used a three-stage payload: an obfuscated JavaScript downloader, a second-stage script from IPFS, and a 92,000-line modular framework for persistence and C2 communication.
– The final payload targets secrets like credentials, tokens, browser data, and cryptocurrency wallets, but security researchers found its data harvesting functions are non-functional.
– All malicious packages have been removed from npm, but developers should regenerate lock files, remove the hidden payload, and rotate credentials due to a four-hour exposure window on July 14.
Five malicious iterations of AsyncAPI packages were uploaded to the Node Package Manager (npm) as part of a supply-chain attack that deployed a remote access trojan capable of stealing credentials. The incident unfolded when a threat actor exploited a misconfigured GitHub Actions workflow, injecting trojanized packages into the @asyncapi namespace. These packages collectively recorded a weekly download count exceeding 2.25 million.
Multiple cybersecurity firms confirmed that on July 14, an attacker compromised two AsyncAPI GitHub repositories and embedded malware into project files. According to a report from Step Security, “Both attacks are CI/CD pipeline compromises, not stolen npm tokens or malicious maintainers.” The researchers elaborated that “the attacker pushed commits under a placeholder git identity and let each repository’s real release workflow do the publishing via npm’s GitHub OIDC trusted-publisher integration.” This approach allowed the malicious packages to carry legitimate SLSA provenance attestations, making them appear as though they originated from an authorized workflow.
The compromised AsyncAPI packages uploaded to npm include five versions. Application security firm Socket noted that the first-stage implant within these packages is an obfuscated JavaScript statement that triggers a downloader when the infected file is imported. A second-stage script, containing configuration details and the core runtime, is retrieved from the IPFS peer-to-peer content delivery network and launched as a hidden process.
Cloud and application security company Wiz described the third-stage payload as “a 92,000-line malware framework with modular architecture.” This payload establishes persistence on the victim’s system and communicates with the command-and-control (C2) server through multiple channels, including HTTP, Nostr relays, Ethereum smart contracts, and a libp2p mesh network.
Although the final payload uses artifact names and configuration files associated with the Miasma backdoor seen in earlier supply-chain attacks, SafeDep researchers believe the malware is “either a private, parallel build by the same operators or a separate group that adopted the Miasma brand after the source was published.” Its primary objective appears to be stealing secrets, such as credentials, authentication keys, tokens, browser data, sensitive information from CI/CD systems and AI developer tools, cryptocurrency wallets, and databases. Additionally, the malware can download Gitleaks and HackBrowserData to assist in harvesting sensitive information.
However, cybersecurity firm Aikido reported that many of these functions are nonfunctional, with the data harvesting tool exiting before collecting anything. Still, researchers cautioned that all these actions could be performed manually via the shell. Ox Security also observed that the malware performs a local check for Russia, and if a match is found, it terminates its process.
As of now, all five versions of the four malicious packages have been removed from npm. However, developers should be aware that existing installations and lock files created during the exposure window,approximately four hours and seven minutes, between 07:10 and 11:18 UTC on July 14,may still contain the malicious releases. The recommended actions include pinning to known-good files, regenerating lock files, removing the hidden ‘NodeJS/sync.js’ payload, terminating all malicious processes, and rotating credentials on affected systems.
(Source: BleepingComputer)



