Coordinated AsyncAPI Supply Chain Attack: Miasma RAT Delivered via Compromised CI/CD Pipelines in Two Repositories
Three AsyncAPI npm packages were compromised on July 14, 2026 and published with malicious code (Miasma RAT dropper) via a compromised CI/CD pipeline. The attacker gained push access to the repository's next branch, allowing them to use the legitimate GitHub Actions release workflow to publish malicious versions with valid npm OIDC provenance attestations.
- Disclosed
- Last updated
- Blast radius
- Potentially all npm users who installed @asyncapi/generator@3.3.1, @asyncapi/generator-helpers@1.1.1, or @asyncapi/generator-components@0.7.1 between July 14, 2026 and package removal.
- Attack vectors
- Threat actor
- Affected entities
- @asyncapi/generator · 3.3.1
- @asyncapi/generator-helpers · 1.1.1
- @asyncapi/generator-components · 0.7.1
On July 14, 2026 at 07:10 UTC, three packages in the AsyncAPI generator monorepo were published to npm carrying an obfuscated dropper payload: @asyncapi/generator@3.3.1, @asyncapi/generator-helpers@1.1.1, and @asyncapi/generator-components@0.7.1. The malicious code executes immediately upon library load, not during installation.
The attack leveraged a compromised CI/CD pipeline rather than a stolen npm token. The attacker gained push access to the repository's next branch and used the project's legitimate GitHub Actions release workflow to publish the malicious versions. This approach allowed the packages to carry valid npm OIDC provenance attestations, making detection more difficult.
The payload is identified as a Miasma RAT (Remote Access Trojan) dropper. All three packages were published through the same compromised pipeline, indicating a coordinated attack across the AsyncAPI generator monorepo.
Users who installed any of the three affected versions between the publication date and package removal are at risk of infection with the Miasma RAT.
Indicators of compromise
- Packages
- @asyncapi/generator@3.3.1
- @asyncapi/generator-helpers@1.1.1
- @asyncapi/generator-components@0.7.1
Remediation
- Immediately remove or downgrade @asyncapi/generator, @asyncapi/generator-helpers, and @asyncapi/generator-components to versions prior to 3.3.1, 1.1.1, and 0.7.1 respectively.
- Audit npm install logs and dependency trees to identify all systems that installed the affected versions between July 14, 2026 and package removal.
- Scan systems that installed the affected packages for Miasma RAT indicators of compromise.
- Review GitHub repository access logs and CI/CD pipeline execution history to identify the initial compromise vector.
- Rotate all credentials and tokens with access to the AsyncAPI repositories and npm publishing infrastructure.
- Implement stricter branch protection rules and require code review for all changes to CI/CD pipeline configurations.
- Enable and monitor npm OIDC provenance attestations as a detection mechanism, but recognize that valid attestations do not guarantee package integrity if the CI/CD system itself is compromised.
Sources
Cite this entry
"Coordinated AsyncAPI Supply Chain Attack: Miasma RAT Delivered via Compromised CI/CD Pipelines in Two Repositories." supplychainattack.org, Supply Chain Attack Incident Catalog. Disclosed July 14, 2026; last updated July 14, 2026. https://supplychainattack.org/incident/coordinated-asyncapi-supply-chain-attack-miasma-rat-delivered-via-compromised-ci-10vuxk
Suggest a correction
Found an error or have a newer source? Corrections to factual errors take priority over new entries.
Related incidents
- containedhigh
M-Red-Team: AsyncAPI Supply Chain Compromise via GitHub Actions
M-Red-Team compromised AsyncAPI npm packages via GitHub Actions, injecting malicious code into the supply chain. The attack leveraged build system access to distribute compromised packages to downstream consumers.
M Red TeamnpmOtherCompromised packageBuild-system compromise - activecritical
TeamPCP's Mini Shai-Hulud Is Back: A Self-Spreading Supply Chain Attack Compromises TanStack npm Packages
The Mini Shai-Hulud worm is actively compromising legitimate npm packages by hijacking CI/CD pipelines and stealing developer secrets. The attack was first detected by StepSecurity in official @tanstack packages and is spreading across the npm ecosystem in real time.
TeamPCPMini Shai HuludnpmOtherCompromised packageBuild-system compromise - activecritical
Shai-Hulud Worm Pivots to Multi-Cloud: intercom-client@7.0.4 Hijacked — 361,000 Weekly Downloads, AWS, GCP, and Azure Credentials Now in Scope
The Shai-Hulud worm has hijacked intercom-client@7.0.4 (361,510 weekly downloads) via a compromised GitHub Actions OIDC publishing pipeline, 29 hours after compromising mbt@1.2.48 and @cap-js/sqlite@2.2.2. The worm is actively propagating through CI/CD infrastructure stolen from earlier victims, targeting multi-cloud credentials (AWS, GCP, Azure).
Shai-HuludnpmOtherCompromised packageBuild-system compromiseAccount takeover - containedcritical
Injective SDK on npm infected with cryptocurrency wallet stealer
Hackers compromised the Injective Labs SDK GitHub repository and published a malicious npm package that stole cryptocurrency wallet private keys and mnemonic seed phrases from users who installed it.
npmCompromised packageMalicious commit