2 min read

AsyncAPI npm breach pushed malware to 2.25 million-download packages

Five trojanized AsyncAPI npm releases were published on July 14 after a GitHub Actions compromise, targeting credentials and developer secrets.

Image: BleepingComputer

Five malicious AsyncAPI package versions briefly landed on npm on July 14 after attackers compromised two project GitHub repositories and abused a misconfigured GitHub Actions workflow. The affected packages, published under the @asyncapi namespace, collectively account for more than 2.25 million weekly downloads.

Multiple security firms said this was a CI/CD pipeline compromise, not a case of stolen npm tokens or rogue maintainers. According to Step Security, the attacker pushed commits using a placeholder Git identity, then relied on each repository’s legitimate release workflow to publish the packages through npm’s GitHub OIDC trusted-publisher integration. That also meant the releases carried legitimate SLSA provenance attestations.

The malicious packages were:

  • @asyncapi/generator 3.3.1 (101k weekly downloads)
  • @asyncapi/generator-helpers 1.1.1 (43k weekly downloads)
  • @asyncapi/generator-components 0.7.1 (34k weekly downloads)
  • @asyncapi/specs 6.11.2-alpha.1 and 6.11.2 (2.1 million weekly downloads)

Socket said the first-stage implant was an obfuscated JavaScript snippet that triggered a downloader when the infected file was imported. A second-stage script was then fetched from IPFS and launched as a hidden process. Wiz described the third stage as a 92,000-line modular malware framework that establishes persistence and communicates with command-and-control infrastructure over HTTP, Nostr relays, Ethereum smart contracts, and a libp2p mesh network.

What the malware targeted

1 / 3

Researchers linked the payload’s artifacts and configuration files to the Miasma backdoor seen in earlier supply-chain attacks, though SafeDep said it may be either a private parallel build by the same operators or another group reusing the Miasma name after source code was published.

Recommended reading

Hinge founder Justin McLeod readies Overtone AI matchmaker

Its apparent goal was to steal secrets, including:

  • credentials, authentication keys, and tokens
  • browser data
  • data from CI/CD systems and developer tools
  • cryptocurrency wallets and databases

The malware also included the ability to download Gitleaks and HackBrowserData. But Aikido reported those automated collection functions did not work because the harvesting tool exited before gathering data. Even so, the researchers noted the attacker could still use the shell manually. Ox Security added that the malware checks whether a system is in Russia and terminates if it finds a match.

Exposure window and cleanup steps

All five malicious releases have now been removed from npm, but systems that installed them during the exposure window may still be infected. That window lasted about four hours and seven minutes, from 07:10 to 11:18 UTC on July 14.

Developers are advised to pin to known-good files, regenerate lock files, remove the hidden NodeJS/sync.js payload, terminate malicious processes, and rotate credentials on affected systems.

Tomas Berg

Computing Editor

Tomas lives in the terminal. He covers chips, laptops, and operating systems with a focus on performance and efficiency. He reads kernel changelogs the way other people read fiction, and he's always on the hunt for the perfect mechanical keyboard switch. If it processes data, Tomas has an opinion on it.

via BleepingComputer

// Keep reading