Skip to content
Auto-CTI
Back to all deep dives
MICROSOFT SECURITY BLOG

Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign

CRITICAL npm supply-chain CI/CD credential-theft

Strategic summary

Microsoft Threat Intelligence identified a large-scale npm supply chain attack involving 32 malicious packages under the @redhat-cloud-services scope. The attackers compromised the CI/CD pipeline and leveraged legitimate GitHub Actions OIDC workflows to publish trojanized packages with forged provenance signatures. The malware executed via a preinstall hook, downloaded the Bun runtime, and harvested credentials from cloud services, developer systems, and CI/CD environments. It also propagated in a worm-like fashion by compromising additional maintainer packages.

Key findings

  • The attackers exploited a compromised CI/CD pipeline to publish 32 npm packages with authentic provenance signatures.
  • The preinstall hook executed a heavily obfuscated dropper script, downloading the Bun runtime to deploy credential-stealing payloads.
  • The malware systematically stole credentials from GitHub, npm, AWS, Azure, GCP, HashiCorp Vault, Kubernetes, as well as SSH keys and browser data.
  • In CI/CD environments, it scraped runner memory, escalated privileges via passwordless sudo, and spread by republishing compromised packages.
  • Microsoft worked with npm to remove affected repositories and introduced additional protections for the namespace.

Relevance for you

A large-scale npm supply chain attack compromises 32 packages under the @redhat-cloud-services scope via CI/CD pipeline infiltration, where attackers abused legitimate GitHub Actions OIDC workflows to publish trojanized packages with authentic signatures.

Risk score

63
cvss base
45.00
kev bonus
0.00
epss bonus
0.00
poc bonus
15.00
raw before weight
60.00
industry weight
1.10
freshness factor
1.00
days old
0.00
vendor mismatch penalty
0.00
consensus penalty
-3.00

Path: operational

Consensus check

The pipeline self-checks before delivery. These rules lowered the score:

  • TTP_SKIPPED TTP mapping skipped (placeholder or aggregation article) −3
Consensus penalty:
−3.0
Total penalty:
−3.0
ESC