Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm

Miasma supply chain attack compromised @redhat-cloud-services npm packages to steal credentials and establish persistence.

• •Preinstall hook harvests GitHub Actions secrets, npm tokens, cloud credentials, and SSH keys
• •Encrypted credential exfiltration through attacker infrastructure and GitHub API using token-embedded commits
• •Persistence established via hooks in Claude Code settings (~/.claude/settings.json) and VS Code tasks.json
• •New variant includes GCP and Azure identity collectors with unique encryption per infection
• •Remediation involves host isolation, credential rotation, package removal, and configuration file audits

This summary was automatically generated by AI based on the original article and may not be fully accurate.