Miasma Supply Chain Worm Hits npm, PyPI, and Microsoft Azure

Miasma Supply Chain Worm Infects npm, PyPI, and Microsoft Azure Repositories

A fast-moving supply chain campaign dubbed Miasma is spreading across open-source software registries this week, weaponizing a novel install-time technique to steal developer credentials, poison build pipelines, and self-propagate across enterprise cloud environments. Security researchers have confirmed three distinct waves since June 1, 2026, with the latest variant hitting both Microsoft’s GitHub organizations and the Python Package Index in a single 48-hour period.

Miasma supply chain attack

The Phantom Gyp Technique: How Miasma Evades Detection

The most alarming innovation in this campaign is a technique researchers call Phantom Gyp. On June 3, 2026, attackers compromised 57 npm packages across hundreds of malicious versions in under two hours. Instead of relying on the well-monitored preinstall or postinstall lifecycle scripts, the malware weaponized binding.gyp files to trigger node-gyp execution automatically. Because build-time files receive far less scrutiny than package scripts, this method slipped past many automated scanners and developer security tools.

The payload harvests credentials from npm, GitHub, AWS, GCP, Azure, HashiCorp Vault, and Kubernetes environments. It then exfiltrates stolen secrets through attacker-controlled GitHub repositories and injects malicious GitHub Actions workflows for persistence. Once inside a maintainer account, the worm repackages and republishes legitimate libraries, turning every infected developer into an unwitting distributor.

From Red Hat to Microsoft: The Attack Escalates

The campaign began on June 1 when a compromised Red Hat employee’s GitHub account injected malicious commits into multiple RedHatInsights repositories. The attacker bypassed code review entirely and triggered GitHub Actions workflows to request OpenID Connect tokens, publishing trojanized packages with valid SLSA provenance attestations. In other words, the build pipeline genuinely ran under Red Hat’s identity, but the output contained attacker-injected malware. At least 32 packages under the @redhat-cloud-services namespace were affected, cumulatively averaging approximately 80,000 weekly downloads.

Two days later, on June 5, the same operators recompromised a contributor account and pushed a malicious commit into Microsoft’s Azure/durabletask GitHub repository. The payload planted configuration files designed to execute a credential-harvesting stealer the moment a developer opened the repository in Claude Code, Gemini CLI, Cursor, or VS Code. GitHub’s automated enforcement disabled 73 repositories across four Microsoft GitHub organizations in a 105-second sweep, but not before Azure/functions-action, the official GitHub Action for deploying Azure Functions, went dark and broke CI/CD pipelines globally.

Miasma supply chain attack

On June 7, the campaign crossed into Python territory. Researchers detected 37 malicious Python wheel artifacts across 19 PyPI packages. The Hades variant uses Python .pth startup hooks to execute a Bun-powered JavaScript credential stealer on every Python interpreter startup, without the victim ever importing the compromised package. Bioinformatics tools including dynamo-release, spateo-release, and coolbox accounted for the majority of download volume.

No CVEs, No Easy Patches

Unlike traditional software vulnerabilities, the Miasma campaign exploits compromised maintainer accounts and trusted build pipelines rather than code flaws. This means zero CVEs exist for any artifact in the entire campaign. There is no vendor patch to install and no single version to roll back. The attack surface is the trust model of open-source development itself, and remediation requires credential rotation, forensic log review, and manual verification of package integrity across every dependency tree.

Canadian Impact: Why This Threatens North of the Border

Canadian organizations are deeply exposed to this campaign. The country’s technology sector, financial institutions, and government agencies rely heavily on npm, PyPI, and GitHub Actions for software development and cloud deployment. Under the Personal Information Protection and Electronic Documents Act (PIPEDA), organizations that lose credentials or suffer downstream data breaches because of compromised development pipelines may face regulatory action from the Office of the Privacy Commissioner if they cannot demonstrate reasonable safeguards.

The Canadian Centre for Cyber Security (CCCS) has repeatedly warned that supply chain attacks represent one of the highest-priority threats to Canadian critical infrastructure. The Miasma campaign’s ability to propagate through signed, provenance-attested packages directly undermines the software integrity assumptions that many Canadian enterprises, including provincial health networks and federal departments, depend upon. Any Canadian organization using Azure Functions, Red Hat cloud services, or Python bioinformatics libraries should treat this as an active incident requiring immediate response.

Key Takeaways

  • The Miasma supply chain worm is actively spreading through npm, GitHub, and PyPI using compromised maintainer accounts.
  • The Phantom Gyp technique weaponizes binding.gyp to execute malware at install time, evading traditional lifecycle script monitoring.
  • At least 57 npm packages and 37 PyPI wheels have been confirmed malicious since June 1, 2026.
  • The campaign has compromised Microsoft Azure repositories and Red Hat cloud services packages with valid SLSA provenance.
  • No CVEs exist for this campaign because it abuses trust and credentials rather than software vulnerabilities.
  • Canadian organizations face PIPEDA compliance risks if stolen credentials lead to downstream data breaches.
  • The CCCS supply chain threat guidance applies directly to any Canadian entity using affected registries or cloud services.

What You Should Do Now

  1. Audit your dependency trees immediately. Search for any projects pulling from @redhat-cloud-services, Azure/durabletask, or the named PyPI bioinformatics packages. Pin dependencies to known-good versions and avoid any package versions published between June 1 and June 10, 2026.
  2. Rotate all developer and CI/CD credentials. Assume any npm, GitHub, AWS, GCP, Azure, Vault, or Kubernetes token accessible from a development environment during this window is compromised. Rotate secrets before reviewing logs.
  3. Run npm install --ignore-scripts as a temporary hardening measure. This prevents both lifecycle scripts and node-gyp from executing during installation until you can verify package integrity.
  4. Review GitHub Actions logs and OIDC token usage. Look for unexpected workflow runs, unauthorized token requests, or commits from unknown sources between June 1 and June 10. Check SLSA provenance attestations against your own build records.
  5. Enable multi-factor authentication on every maintainer account. Require hardware-backed MFA for all npm, PyPI, and GitHub accounts with publish access. Remove inactive maintainers and audit OAuth application permissions.
  6. Document the response for compliance. Maintain records of dependency audits, credential rotations, and forensic findings to demonstrate reasonable security safeguards under PIPEDA and provincial privacy legislation if downstream exposure is discovered.

Leave a Comment