Threat actors compromised 32 NPM packages tied to Red Hat's Hybrid Cloud Console JavaScript ecosystem on Monday, publishing poisoned versions within a 72-second window to spread a credential-stealing worm. The affected packages collectively account for nearly 10 million downloads, and researchers at ReversingLabs, Aikido, Socket, and Ox Security have confirmed the campaign.
What Happened
On Monday, attackers gained the ability to publish malicious versions across the entire @redhat-cloud-services NPM scope. In a 72-second burst, almost certainly automated, the threat actor pushed poisoned iterations of all 32 packages. Each tainted release shipped a preinstall hook, meaning the malware executed the moment a developer ran npm install, before any code was ever imported. Red Hat maintainers have since published clean releases and NPM has pulled the malicious versions, but anyone who installed during the window should treat their environment as compromised.
What Was Taken
The payload was engineered for broad credential harvesting. According to Socket, it sweeps for GitHub Actions secrets, NPM tokens, cloud provider credentials, Kubernetes and HashiCorp Vault material, SSH keys, Git credentials, and miscellaneous sensitive files on the host. Stolen data is exfiltrated to an attacker-controlled server, with a GitHub fallback that publishes the loot to newly created public repositories. Ox Security has already identified 210 such repositories containing stolen credentials, indicating at least that many developers were successfully compromised.
Why It Matters
This is a direct hit on the trust model of the JavaScript ecosystem at one of its most visible vendor scopes. The Red Hat Hybrid Cloud Console packages are heavily used as transitive dependencies, meaning organizations that never knowingly installed them may still be exposed through nested imports. The payload, branded "Miasma: The Spreading Blight," is a variant of the Mini Shai-Hulud worm operated by TeamPCP, whose source code was released last month as part of a public challenge. That release effectively democratized worm-class supply chain attacks, and the Red Hat incident is the most consequential demonstration of that capability to date.
The Attack Technique
Aikido assesses that the attackers compromised Red Hat's CI/CD pipeline and abused GitHub Actions OIDC to authenticate publishes to NPM. ReversingLabs believes the operators had direct access to the @redhat-cloud-services scope credentials. The 72-second publish cadence is consistent with scripted automation rather than manual operator action. Ox Security observed the same actor seeding a test repository on May 29, a likely dry run for the production campaign. Once installed, the worm uses stolen GitHub tokens to enumerate repositories, modify GitHub Actions workflows, and write malicious index.js payloads, giving it lateral propagation similar to its Shai-Hulud lineage.
What Organizations Should Do
- Audit every build host, developer workstation, and CI runner for installations of
@redhat-cloud-servicespackages within the compromise window and pin to the clean reissued versions. - Assume full credential compromise on any affected host: rotate NPM tokens, GitHub PATs and Actions secrets, cloud keys, Kubernetes and Vault credentials, SSH keys, and Git credentials immediately.
- Inspect transitive dependency trees with
npm lsor an SCA tool, since these packages are widely consumed as indirect libraries. - Hunt GitHub organizations for newly created public repositories containing exfiltrated secrets, and review audit logs for anomalous repo creation, workflow modifications, and
index.jswrites. - Enforce
--ignore-scriptsfor untrusted installs in CI, and require manual review for any new dependency version introducing lifecycle hooks. - Restrict NPM publishing to short-lived OIDC tokens scoped per package, and require provenance attestations on consumed packages where supported.
Sources: Supply Chain Attack Hits 32 Red Hat NPM Packages - SecurityWeek