Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign
Strategic summary
Microsoft Threat Intelligence identified a large-scale npm supply chain attack involving 32 malicious packages under the @redhat-cloud-services scope. The attackers compromised the CI/CD pipeline and leveraged legitimate GitHub Actions OIDC workflows to publish trojanized packages with forged provenance signatures. The malware executed via a preinstall hook, downloaded the Bun runtime, and harvested credentials from cloud services, developer systems, and CI/CD environments. It also propagated in a worm-like fashion by compromising additional maintainer packages.
Key findings
- The attackers exploited a compromised CI/CD pipeline to publish 32 npm packages with authentic provenance signatures.
- The preinstall hook executed a heavily obfuscated dropper script, downloading the Bun runtime to deploy credential-stealing payloads.
- The malware systematically stole credentials from GitHub, npm, AWS, Azure, GCP, HashiCorp Vault, Kubernetes, as well as SSH keys and browser data.
- In CI/CD environments, it scraped runner memory, escalated privileges via passwordless sudo, and spread by republishing compromised packages.
- Microsoft worked with npm to remove affected repositories and introduced additional protections for the namespace.
Relevance for you
A large-scale npm supply chain attack compromises 32 packages under the @redhat-cloud-services scope via CI/CD pipeline infiltration, where attackers abused legitimate GitHub Actions OIDC workflows to publish trojanized packages with authentic signatures.
Risk score
- cvss base
- 45.00
- kev bonus
- 0.00
- epss bonus
- 0.00
- poc bonus
- 15.00
- raw before weight
- 60.00
- industry weight
- 1.10
- freshness factor
- 1.00
- days old
- 0.00
- vendor mismatch penalty
- 0.00
- consensus penalty
- -3.00
Path: operational
Consensus check
The pipeline self-checks before delivery. These rules lowered the score:
-
TTP_SKIPPEDTTP mapping skipped (placeholder or aggregation article) −3
- Consensus penalty:
- −3.0
- Total penalty:
- −3.0