Supply-Chain Attack Compromises Red Hat npm Packages to Steal Developer Credentials
Red Hat npm packages compromised to steal developer credentials

Image: Bleepingcomputer
Over 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack, distributing a new variant of the Shai-Hulud malware called 'Miasma.' The malware targets sensitive developer credentials and secrets, affecting packages with approximately 117,000 weekly downloads.
- The compromised npm packages were found to contain a malicious preinstall script that executed a credential-stealing payload.
- Attackers allegedly accessed a Red Hat employee's GitHub account to publish backdoored packages directly to the npm registry.
- Red Hat has removed the affected packages and stated that the compromise was limited to internal development tooling.
- Organizations using the affected packages are advised to immediately rotate all credentials and secrets.
- The Miasma malware variant retains similar functionality to the Mini Shai-Hulud malware but features enhanced obfuscation and data theft capabilities.
A supply-chain attack has compromised over 30 npm packages within Red Hat's '@redhat-cloud-services' namespace, distributing a new variant of credential-stealing malware known as 'Miasma.' Discovered by security firms Aikido and OX Security, the attack backdoored packages designed to steal sensitive developer information, including cloud secrets and SSH keys. The affected packages, which receive around 117,000 downloads weekly, were published after attackers compromised a Red Hat employee's GitHub account. Red Hat responded by removing the malicious packages and asserting that the breach was limited to internal tools, with no known impact on customer environments. Organizations using these packages are urged to rotate all credentials. The Miasma malware shares similarities with the previously released Mini Shai-Hulud malware but incorporates additional obfuscation and enhanced data theft features, with 309 GitHub repositories reportedly compromised in this campaign.
Organizations using the compromised packages may face significant security risks due to credential theft.
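To find out whether a project pulls anything from the affected namespace, the lockfile can be audited directly. The following is an added example, not code from the original article or from Red Hat: it lists every locked package under the '@redhat-cloud-services' scope and marks those for which npm recorded an install-time script. The package names and versions in the sample lockfile are constructed placeholders, since the article does not list the affected packages or versions.

```javascript
// Added example: audit a parsed package-lock.json (lockfile v2/v3) for
// packages in one npm scope and flag install-time lifecycle scripts.
const SCOPE = '@redhat-cloud-services'; // namespace named in the article
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];

// Lockfile keys look like "node_modules/a/node_modules/@scope/name";
// the package name is whatever follows the last "node_modules/".
function nameFromLockKey(key) {
  const marker = 'node_modules/';
  const idx = key.lastIndexOf(marker);
  return idx === -1 ? key : key.slice(idx + marker.length);
}

// Every locked package under `scope`, including nested (transitive) copies.
function findScopedPackages(lock, scope = SCOPE) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // root project entry
    const name = nameFromLockKey(path);
    if (!name.startsWith(scope + '/')) continue;
    hits.push({ path, name, version: meta.version,
                hasInstallScript: meta.hasInstallScript === true });
  }
  return hits;
}

// Install-time hooks declared in an installed package's package.json object.
function installHooks(manifest) {
  const scripts = manifest.scripts || {};
  return INSTALL_HOOKS.filter(
    (h) => typeof scripts[h] === 'string' && scripts[h].trim() !== '');
}

// Constructed sample lockfile: names and versions are placeholders.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/@redhat-cloud-services/example-pkg-a':
      { version: '0.0.1', hasInstallScript: true },
    'node_modules/some-dep': { version: '2.0.0' },
    'node_modules/some-dep/node_modules/@redhat-cloud-services/example-pkg-b':
      { version: '0.0.2' },
  },
};

console.log(findScopedPackages(SAMPLE_LOCK));
```

To check a real project, pass the function the parsed contents of its own `package-lock.json`; the `hasInstallScript` field is only present in lockfiles written by npm 7 or later, so for older lockfiles run `installHooks` over each installed package's `package.json` instead.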





