Full Report
The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain attacks, was briefly open-sourced on GitHub. [...]
Analysis Summary
This summary provides a technical breakdown of the Miasma attack framework as described in the provided report.
# Tool/Technique: Miasma
## Overview
Miasma is an advanced credential-stealing attack framework and worm designed to target open-source ecosystems through supply-chain compromise. It is an evolution of the earlier "Shai-Hulud" malware and is characterized by its autonomous self-propagation mechanism, which allows it to spread from developer machines to legitimate software repositories.
## Technical Details
- **Type:** Malware Framework / Worm
- **Platform:** Linux, macOS (Cross-platform capability)
- **Capabilities:** Credential harvesting, supply-chain poisoning, lateral movement, AI tool manipulation, and destructive anti-forensics.
- **First Seen:** Approximately June 2026 (based on the report date).
## MITRE ATT&CK Mapping
- **TA0001 - Initial Access**
- T1195.002 - Supply Chain Compromise: Compromise Software Dependencies
- **TA0006 - Credential Access**
- T1552 - Unsecured Credentials (Cloud, CI/CD, Secret Stores)
- T1555 - Credentials from Password Stores
- **TA0007 - Discovery**
- T1083 - File and Directory Discovery
- **TA0008 - Lateral Movement**
- T1021.004 - Remote Services: SSH
- **TA0010 - Exfiltration**
- T1567.001 - Exfiltration Over Web Service: Exfiltration to Code Repository
- **TA0040 - Impact**
- T1485 - Data Destruction (Dead-man switch functionality)
## Functionality
### Core Capabilities
* **Broad Credential Harvesting:** Targets cloud providers (AWS), CI/CD systems, Kubernetes, secret stores, and local password managers.
* **Autonomous Propagation:** Once credentials are stolen, the tool automatically publishes trojanized versions of packages to npm, PyPI, and RubyGems, or pushes malicious code to GitHub repositories.
* **C2-less Architecture:** Uses GitHub itself as the communication and exfiltration channel, negating the need for dedicated command-and-control infrastructure.
* **Lateral Movement:** Moves via SSH and AWS Systems Manager (SSM) to infect adjacent systems.
### Advanced Features
* **AI Tool Poisoning:** Specifically poisons configurations for AI coding assistants such as Claude, Gemini, Cursor, Copilot, Kiro, and Cline to influence code generation.
* **Destructive Dead-Man Switch:** Installs a persistence mechanism (`systemd` service or `LaunchAgent`) that monitors the stolen GitHub token. If the token is revoked, the malware executes `rm -rf` on the user’s home and Documents directories.
* **Polymorphic Build Pipeline:** Employs a five-stage process using AES-256-GCM encryption, randomized string obfuscation, and source transformations to ensure every payload is unique.
## Indicators of Compromise
* **File Names:** `Miasma-Open-Source-Release` (Repository name used during the leak).
* **Persistence Mechanisms:**
* Linux: Malicious `systemd` user services.
* macOS: Malicious `LaunchAgents`.
* **Behavioral Indicators:**
* Unexpected recursive deletion of home/document directories upon token revocation.
* Unauthorized modifications to `.env` files, CI/CD configurations, or AI tool settings.
* High frequency of repository/package metadata checks (every minute).
## Associated Threat Actors
* The specific group is currently unnamed in the report, though they have been linked to the compromise of Red Hat npm packages and 73 Microsoft GitHub repositories.
## Detection Methods
* **Behavioral Detection:** Monitor for unauthorized `git push` or package publishing events from developer workstations and CI/CD runners. Watch for the creation of unusual `systemd` or `LaunchAgent` entries by non-root users.
* **Static Analysis:** Focus on the self-extracting loader patterns, though encryption and obfuscation make signature-based detection (MD5/SHA) unreliable due to the polymorphic nature of the builds.
## Mitigation Strategies
* **Dependency Pinning:** Explicitly pin project dependencies to specific versions/hashes to prevent the automatic ingestion of trojanized updates.
* **Delayed Adoption:** Implement a mandatory delay (e.g., 2-3 days) before adopting newly released package versions to allow for community vetting.
* **Isolated Validation:** Test new builds and dependencies in isolated, sandboxed environments before production use.
* **Credential Hygiene:** Use short-lived tokens and hardware-based MFA for repository access to limit the window of opportunity for stolen credentials.
## Related Tools/Techniques
* **Shai-Hulud:** The predecessor malware from which Miasma was derived.
* **Supply-Chain Poisoning:** Similar techniques used in the SolarWinds and Codecov incidents.