Miasma Toolkit Targets Software Supply Chains

by ddos · June 12, 2026

Miasma supply chain attack, GitHub malware toolkit, software supply chain security, npm package malware

When a new batch of source code appeared on GitHub, it unexpectedly caught the attention of security researchers. Over the past few days, repositories bearing the name Miasma-Open-Source-Release began appearing across the platform in large numbers. According to the researchers behind the discovery, most of these repositories were posted using developer accounts that had already been compromised. One repository was quickly taken down, but not before researchers managed to preserve its contents for detailed analysis.

Far More Than a Simple Worm

Closer inspection revealed that Miasma is not merely self-propagating malware designed for software supply chain attacks. Rather, its creators built a comprehensive toolkit capable of using stolen credentials to attack packages across PyPI, npm, and RubyGems, as well as GitHub repositories, GitHub Actions build systems, enterprise JFrog Artifactory storage, AI-powered development environments, and cloud services.

According to documentation found within the project itself, Miasma is written in TypeScript and designed to run both on developer workstations and within continuous integration and delivery pipelines. The malware harvests secrets, spreads through software packages and repositories, and leverages SSH access along with the AWS Systems Manager service to move laterally across infrastructure.

GitHub as a Command Center

One of the most unusual aspects of Miasma is its near-total reliance on GitHub itself as a command and control hub. Rather than operating dedicated servers, the attackers search public commits to deliver commands, locate stolen access keys, and distribute updates. This approach lets malicious activity hide within the ordinary traffic flowing to a popular development platform.

Three Independent Control Channels

Researchers identified three separate control channels within Miasma. Each channel uses its own search string, distinct cryptographic keys, and a different mechanism for delivering commands. One channel searches for stolen GitHub tokens, another executes arbitrary JavaScript code, and the third regularly downloads and runs Python scripts.

A Wide Net for Stolen Credentials

Miasma gathers credentials from an extensive range of sources. These include Amazon Web Services, Microsoft Azure, Google Cloud, Kubernetes, and HashiCorp Vault, along with password managers such as 1Password and Bitwarden. When sufficient permissions are available, the malware can search for secrets within GitHub Actions environments and even extract data directly from the memory of worker nodes. For a deeper technical breakdown, SafeDep’s full analysis of the Miasma toolkit walks through each of these mechanisms in detail.

How Miasma Infects Software Packages

The researchers examined closely how the malware spreads through software packages. When Miasma locates a valid publishing token, it downloads the legitimate package, injects its own payload, bumps the version number, and republishes the infected build back to the registry. For npm specifically, the toolkit even supports Sigstore digital provenance attestations, which helps disguise the tampered versions as authentic releases.

AI Coding Assistants Are Not Safe Either

Beyond traditional packages, Miasma can infect more than a dozen popular AI-powered coding tools, including Claude, Gemini, Cursor, Copilot, Kiro, and Cline. To accomplish this, the malware modifies configuration files so that these assistants execute additional commands whenever a new working session begins.

Persistence and a Destructive Kill Switch

The toolkit’s creators also built in mechanisms for maintaining long-term access. On an infected machine, a persistent background module may install itself, checking GitHub for new commands every hour. Throughout this process, the malware tries to avoid running on devices where popular endpoint protection tools are detected.

The most aggressive feature by far is a so-called kill switch. When attackers rely on a victim’s stolen GitHub token to exfiltrate data, the malware can monitor that token’s status separately. If the token gets revoked, a command triggers that deletes the user’s home directory along with the contents of their documents folder.

A Sign of Things to Come

The researchers behind this discovery note that Miasma represents a significant evolution in software supply chain attacks. Rather than relying on a single malicious package, the attackers built a multifunctional platform. This platform can simultaneously steal credentials, spread through trusted development channels, evade defensive tools, and abuse popular cloud services to extend the attack even further.