Full Report
Four compromised npm packages in the @asyncapi namespace have been observed distributing a multi-stage botnet loader, according to findings from OX Security, SafeDep, Socket, and StepSecurity. The affected packages are listed below - @asyncapi/[email protected] @asyncapi/[email protected] @asyncapi/[email protected] @asyncapi/specs(v6.11.2, v6.11.2-alpha.1) "The
Analysis Summary
# Incident Report: Compromised AsyncAPI npm Packages Distributing Miasma Malware
## Executive Summary
In July 2026, four widely used npm packages under the `@asyncapi` namespace were compromised to distribute a multi-stage botnet loader and the "Miasma" tasking framework. The attack leveraged a CI/CD pipeline compromise, allowing the threat actor to publish malicious code through legitimate GitHub Actions, resulting in packages with valid provenance attestations. The incident highlights a significant supply chain risk where authorized automated workflows can be used to validate malicious updates.
## Incident Details
- **Discovery Date:** July 15, 2026
- **Incident Date:** July 2026
- **Affected Organization:** AsyncAPI Initiative (Open Source Project)
- **Sector:** Information Technology / Software Development
- **Geography:** Global (npm Registry)
## Timeline of Events
### Initial Access
- **Date/Time:** Early July 2026
- **Vector:** CI/CD Pipeline / GitHub Repository Access
- **Details:** The attacker gained push access to the AsyncAPI repositories. Rather than stealing npm tokens, they pushed malicious commits using a placeholder Git identity, triggering the project's legitimate GitHub Actions release pipeline.
### Lateral Movement
- **Mechanism:** Once the malicious package is loaded via Node.js, the malware attempts LAN lateral movement and worm-like propagation across other registry ecosystems including PyPI and Cargo.
### Data Exfiltration/Impact
- **Details:** The malware targets credential theft, AI tool poisoning, and establishes a command-and-control (C2) connection for further instructions and data exfiltration.
### Detection & Response
- **Detection:** Identified by security researchers at OX Security, SafeDep, Socket, and StepSecurity.
- **Response:** All affected package versions were unpublished from the npm registry.
## Attack Methodology
- **Initial Access:** Compromised GitHub push credentials utilized to trigger OIDC-based trusted publishing.
- **Persistence:** Implementation of `systemd`, `crontab`, macOS `launchd`, and Windows Registry autostart keys.
- **Defense Evasion:** Obfuscated payloads, sandbox/VM detection, and a "dead man's switch" that wipes directories if a stolen token is revoked. It also checks for the presence of major EDR/AV tools and avoids systems with Russian language settings.
- **Discovery:** Scans for local network (LAN) devices and existing security software.
- **Lateral Movement:** Automated attempts to propagate through npm, PyPI, and Cargo registries.
- **Exfiltration:** Multi-channel C2 communication using HTTP, Nostr, IPFS, BitTorrent DHT, libp2p, and Ethereum smart contracts.
- **Impact:** Software supply chain poisoning, credential theft, and AI model/tool corruption.
## Impact Assessment
- **Financial:** Potential costs associated with remediation for thousands of downstream users; specific figures not disclosed.
- **Data Breach:** Exposure of developer credentials and potential theft of sensitive tokens.
- **Operational:** Disruption to developers using AsyncAPI tools; over 2 million weekly downloads potentially affected.
- **Reputational:** Breach of trust in OIDC provenance attestations as a guarantee of code legitimacy.
## Indicators of Compromise
- **Network Indicators:**
- `ipfs[.]io/ipfs/QmQobZSp1wRPrpSEQ56qnyq7ecZh5Bg5k1fnjt4SUwwHb9`
- **File Indicators:**
- `sync.js` (Encrypted JS loader)
- `@asyncapi/[email protected]`
- `@asyncapi/[email protected]`
- `@asyncapi/[email protected]`
- `@asyncapi/[email protected]` and `v6.11.2-alpha.1`
- **Behavioral Indicators:** Detached background Node.js processes downloading data from IPFS; unexpected modifications to crontab or registry keys.
## Response Actions
- **Containment:** Malicious versions were immediately unpublished from npm.
- **Eradication:** Rotation of compromised GitHub credentials and cleanup of the CI/CD pipeline.
- **Recovery:** Organizations are advised to treat any endpoint that imported these packages as fully compromised and perform a complete system wipe or audit.
## Lessons Learned
- **Provenance Limitations:** Legitimate SLSA provenance attestations only prove *where* the code was built, not the *intent* or *legitimacy* of the code commits.
- **CI/CD Security:** Automated publishing via OIDC is a powerful tool but creates a high-stakes single point of failure if repository push access is not strictly guarded.
## Recommendations
- **Access Control:** Implement mandatory Branch Protection rules and "Require signed commits" to prevent unauthorized pushes from placeholder identities.
- **Code Review:** Enforce multi-person review for all changes to the main branch and CI/CD configuration files.
- **Identity Management:** Periodically audit GitHub contributor permissions and implement Phishing-resistant MFA for all maintainers.