Security researchers uncovered a brazen supply-chain attack on June 1, 2026, targeting the npm registry’s @redhat-cloud-services namespace. Malicious versions of several packages, used by thousands of developers to integrate with Red Hat’s cloud platform, were laced with code that silently exfiltrated CI/CD secrets and cloud credentials during installation. Dubbed “Miasma,” the attack underscores the fragility of trust in open-source ecosystems—and the far-reaching consequences for Windows developers who rely on these tools.
Attack Discovery
Automated scanners from security firms Snyk and Aqua Security flagged anomalous behavior in version bumps of popular packages including @redhat-cloud-services/frontend-config, @redhat-cloud-services/chrome, and @redhat-cloud-services/inventory. The malicious versions—each a minor increment from the legitimate latest—contained post-install scripts that contacted an external server and transmitted environment variables, .npmrc files, and Git configuration data. The attacker compromised a maintainer’s account, bypassing npm’s two-factor authentication, and published the tainted packages under the official namespace without triggering alarms.
Red Hat confirmed the breach within hours, pulling the offending versions from npm and resetting all maintainer credentials. In a security advisory, the company stated, “No Red Hat internal systems were affected, but developers who installed these packages between May 28 and June 1, 2026, should assume all credentials accessible to their npm environment are compromised.”
Modus Operandi: How Miasma Worked
The attack leveraged npm’s postinstall lifecycle hook, a common vector in supply-chain compromises. On installation, the package ran a heavily obfuscated Node.js script that:
- Scanned the current working directory and upward for .npmrc files containing registry authentication tokens.
- Harvested AWS_ACCESS_KEY_ID, GITHUB_TOKEN, AZURE_PIPELINE_TOKEN, and other well-known CI/CD environment variables.
- Queried the local Git configuration (~/.gitconfig) for user identities and remote URLs.
- Packed the data into a JSON payload and POSTed it to a command-and-control server hosted at a fast-flux domain.
The script then used child_process.exec to spawn a reverse shell in some variants, allowing the attacker persistent remote access to the developer’s machine. Investigators noted that the malware specifically targeted Windows paths (e.g., checking %USERPROFILE%\.npmrc and %APPDATA%\npm\etc\npmrc) alongside Unix-style directories, confirming that Windows development hosts were a primary target.
Affected Packages and Scope
At present, five packages under the @redhat-cloud-services scope are confirmed to have been tampered with:
| Package Name | Malicious Version | Downloads (Weekly) |
|---|---|---|
| frontend-config | 2.1.4 | 12,000 |
| chrome | 1.5.9 | 8,500 |
| inventory | 3.2.7 | 6,200 |
| utils | 4.0.3 | 5,800 |
| notifications | 2.8.11 | 4,300 |
Because these packages are transitive dependencies in many enterprise Red Hat Ansible Automation Platform integrations, the blast radius extends far beyond direct consumers. Any project with a package-lock.json or yarn.lock referencing the compromised versions is vulnerable, even if the package was only used in a CI pipeline.
Immediate Impact
The immediate consequence is credential exfiltration. Developers who ran npm install or CI pipelines that pulled the malicious packages likely leaked:
- npm tokens that could allow the attacker to publish more malicious packages.
- CI/CD runner secrets used to push code or deploy to cloud environments.
- Cloud API keys for AWS, Azure, and Google Cloud.
- Private repository credentials and SSH keys.
Security researcher Dana Epp of Snyk Labs stated, “This isn’t just a code execution problem—it’s a full identity compromise. With those tokens, attackers can pivot into production environments and cause catastrophic damage before anyone notices.”
Within 48 hours, there were reports of unknown GitHub Actions workflows appearing in repositories of affected developers, suggesting the attacker was actively using stolen tokens to modify source code and inject backdoors.
Red Hat’s Response
Red Hat acted swiftly:
- Deprecated the malicious versions on npm, marking them as “security holding package.”
- Released clean patches (e.g., [email protected]) and notified users through GitHub Security Advisories and the Red Hat Customer Portal.
- Collaborated with npm’s security team to block the attacker’s publishing credentials.
- Issued a tool to help organizations identify whether they ever installed a compromised version: npx @redhat-cloud-services/audit-miasma.
The company urged all users to rotate npm tokens, revoke cloud access keys, and inspect CI/CD logs for unusual outbound connections. Red Hat also announced it would mandate hardware-based two-factor authentication for all maintainers of its npm organizations.
Windows Developer Risks
Windows users form a substantial portion of the JavaScript ecosystem, often working with tools like Visual Studio Code, GitHub Desktop, and Azure DevOps. The Miasma malware specifically targeted Windows credential stores. Once a reverse shell is established on a Windows machine, the attacker can:
- Access Azure CLI credentials stored in %USERPROFILE%\.azure.
- Read secrets from the Windows Credential Manager via PowerShell.
- Escalate privileges using known Windows exploits if the developer shell is running with local admin rights.
Several Windows users on forums reported unexpected outbound connections from node.exe to unfamiliar IP addresses after installing Red Hat cloud services packages the previous week. One developer noted that their Azure Kubernetes Service cluster was briefly exposed because a stolen service principal credential was used to create a new pod with a crypto miner.
Microsoft’s Defender for Endpoint team added detection rules for the Miasma behavior patterns on June 2, flagging the malicious PowerShell commands and network destinations. Windows users and administrators should ensure their Defender signatures are up to date and scan affected machines.
Broader Supply-Chain Implications
Miasma is not an isolated incident. It joins a growing list of npm supply-chain attacks—event-stream, eslint-scope, ua-parser-js, and the 2024 node-ipc sabotage—all exploiting the trust model of open-source registries. The attack raises critical questions:
- Package Identity Verification: npm’s namespace system provides a false sense of security; a compromised maintainer account makes the namespace a liability rather than a protection.
- Lifecycle Hook Abuse: postinstall scripts remain a necessary evil, but alternative packaging models (like WebAssembly or Snapshots) could reduce attack surface.
- Credential Hygiene: CI/CD pipelines often have unrestricted access to secrets. The principle of least privilege and short-lived tokens are essential.
The attack also highlights the danger of transitive trust. Even if a developer never directly used @redhat-cloud-services, a dependency of a dependency could pull in the malicious code. Modern JavaScript projects have hundreds of dependencies, making manual auditing nearly impossible.
Steps to Mitigate and Recover
For Windows development teams, the following actions are urgent:
1. Audit Your Dependencies
Run the Red Hat audit tool: npx @redhat-cloud-services/audit-miasma. This checks your package-lock.json and npm cache for any compromised version. Additionally, scan all branches of your repositories—CI logs may show downloads that were later removed from the lockfile.
2. Rotate Credentials Immediately
Assume any secret that was accessible to your npm runtime is compromised. Prioritize:
- npm registry tokens (personal and CI).
- GitHub, GitLab, and Bitbucket personal access tokens.
- Cloud provider keys (AWS IAM, Azure Service Principal, GCP Service Account).
- Private package registry credentials (e.g., Artifactory, npm Enterprise).
Use automated credential rotation tools where possible. For Windows-specific credentials, purge Azure CLI tokens with az account clear and re-login.
3. Inspect Windows Security Logs
Look for:
- Event ID 4688: new process creation with cmd.exe /c or powershell -EncodedCommand originating from node.exe.
- Outbound connections on non-standard ports (e.g., not 443 or 80) from Node.js processes.
- Unusual modifications to %APPDATA%\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt.
Microsoft Defender should have flagged these events if telemetry is enabled, but manual verification is prudent.
4. Rebuild and Harden CI/CD Pipelines
- Pin dependencies to exact versions in package-lock.json and use npm ci rather than npm install in pipelines.
- Enable npm integrity checks (npm verify).
- Use dependency review tools like GitHub’s dependency-review-action to catch suspicious versions before merging.
- Restrict pipeline secrets to specific branches and actions.
5. Adopt Open-Source Security Best Practices
- Use a package permission manager like npm whoami sparingly; limit token scopes to read-only unless publishing is required.
- Regularly review and prune unused dependencies.
- Consider a private proxy registry (Verdaccio, Artifactory) to cache and vet upstream packages.
- Enable Dependabot or similar to receive real-time alerts.
Community Reaction
On Windows developer forums and Reddit’s r/javascript, users expressed a mix of anger and resignation. “I have Red Hat Ansible Automation Platform running on Windows Server 2022, and our whole deployment pipeline was infected,” wrote one sysadmin. “We only caught it because Azure Policy flagged the unusual outbound traffic.” Others lamented the difficulty of securing npm: “Every month there’s a new scare. I’m switching to Deno for my backend tooling.”
Some praised Red Hat’s quick response, but security experts cautioned that the underlying systemic issues remain unresolved. “The npm registry’s security model is broken by design,” said Katie Moussouris, CEO of Luta Security. “We need mandatory package signing and provenance, not just more Band-Aids.”
The Future of npm Security
Miasma will likely accelerate adoption of supply-chain security frameworks like SLSA and Sigstore. npm has been working on package provenance and signing, but these features are not yet mature. The attack also underscores the importance of zero-trust architectures: even internal packages should be treated as potentially hostile.
For Windows developers, the incident is a stark reminder that the node_modules folder can be a backdoor into an entire corporate network. A single compromised npm package can bridge the gap between a developer’s workstation and production cloud infrastructure.
As of June 3, 2026, npm reported that fewer than 2% of the infected packages remained installed, but the data exfiltration is irreversible. The attacker still holds an unknown number of valid credentials. Red Hat and the broader community are working to notify affected users and improve automated detection.
The Miasma attack is not just a Red Hat problem; it’s an industry-wide wake-up call. The convenience of package managers must be balanced with rigorous validation, because the next compromised namespace might be the one your entire enterprise depends on.