A recent supply-chain attack has compromised the integrity of several AsyncAPI packages on the Node Package Manager (npm). Five malicious versions of these packages were published, delivering a remote access trojan with info-stealing capabilities. The threat actor exploited a misconfigured GitHub Actions workflow to push trojanized packages in the @asyncapi namespace, which had a cumulative weekly download count of over 2.25 million.
Attack Details
The attackers compromised two AsyncAPI GitHub repositories on July 14 and injected malware into project files. According to Step Security, this was a CI/CD pipeline compromise, not a stolen npm token or malicious maintainer. The attacker pushed commits under a placeholder Git identity and let each repository’s real release workflow do the publishing via npm’s GitHub OIDC trusted-publisher integration.
This ensured that the resulting packages had legitimate SLSA provenance attestations, indicating they originated from an authorized workflow. The malicious AsyncAPI packages published to npm include:
* `@asyncapi/generator 3.3.1` (101k weekly downloads)
* `@asyncapi/generator-helpers 1.1.1` (43k weekly downloads)
* `@asyncapi/generator-components 0.7.1` (34k weekly downloads)
* `@asyncapi/specs 6.11.2-alpha.1` and `6.11.2` (2.1 million weekly downloads)
Malware Analysis
The first-stage implant in the published packages is an obfuscated JavaScript statement that ultimately triggers a downloader when the infected file is imported. A second-stage script, which contains configuration details and the main runtime, is retrieved from the IPFS peer-to-peer content delivery network and launched as a hidden process.
The third-stage payload is a 92,000-line malware framework with modular architecture, establishing persistence on the system and communicating with the command-and-control (C2) server over several channels: HTTP, Nostr relays, Ethereum smart contracts, and a libp2p mesh network. Although the final payload uses artifact names and configuration files pointing to the Miasma backdoor seen in past supply-chain attacks, SafeDep researchers believe that the malware is either a private, parallel build by the same operators or a separate group that adopted the Miasma brand after the source was published.
Impact and Recommendations
The exposure window for this attack extends to approximately four hours and seven minutes between 07:10 and 11:18 UTC on July 14. All five versions of the four malicious packages have been removed from npm, but developers should note that existing installations and lock files created during the exposure window may still contain the malicious releases.
To mitigate this attack, developers are recommended to pin to known-good files, regenerate lock files, remove the hidden ‘NodeJS/sync.js’ payload, terminate all malicious processes, and rotate credentials on the impacted systems.
Conclusion
This supply-chain attack highlights the importance of securing software dependencies and monitoring for potential threats. Developers should remain vigilant and take necessary precautions to prevent similar attacks in the future.
Source: Original article