AsyncAPI npm Packages Compromised in Sophisticated Supply-Chain Attack
A critical supply-chain attack has targeted the **Node Package Manager (npm)**, injecting credential-stealing malware into five versions of **AsyncAPI** packages. Threat actors exploited a misconfigured **GitHub Actions** workflow, pushing trojanized packages with legitimate provenance attestations to over 2.25 million weekly downloads. This incident highlights the escalating sophistication of attacks on developer ecosystems.
A recent supply-chain attack has sent ripples through the developer community, leveraging a misconfigured **GitHub Actions** workflow to compromise **AsyncAPI** packages on **npm**. The incident, confirmed by multiple security firms, saw attackers push malicious versions of widely used packages, delivering a remote access trojan with advanced info-stealing capabilities.
### The Attack Vector: Compromised CI/CD Pipelines
Security researchers at **Step Security** clarified that the attacks were not a result of stolen **npm** tokens or malicious maintainers, but rather a **CI/CD pipeline compromise**. The attackers skillfully pushed commits under a placeholder **git** identity, allowing the repositories' legitimate release workflows to publish the trojanized packages via **npm**'s **GitHub OIDC** trusted-publisher integration.
Crucially, this method ensured the malicious packages bore legitimate **SLSA** provenance attestations, making them appear as if they originated from an authorized workflow. This sophisticated tactic allowed the malware to evade initial suspicion and spread effectively.
### Impacted AsyncAPI Packages
The following **AsyncAPI** packages were identified as compromised on **npm**:
* **@asyncapi/generator** 3.3.1 (101k weekly downloads)
* **@asyncapi/generator-helpers** 1.1.1 (43k weekly downloads)
* **@asyncapi/generator-components** 0.7.1 (34k weekly downloads)
* **@asyncapi/specs** 6.11.2-alpha.1 and 6.11.2 (2.1 million weekly downloads)
### Multi-Stage Malware Delivery
**Socket**, an application security company, detailed the multi-stage nature of the attack. The initial implant within the published packages was an obfuscated JavaScript statement designed to trigger a downloader when imported. This first stage then retrieved a second-stage script from the **IPFS** peer-to-peer content delivery network, launching it as a hidden process.
Cloud and application security firm **Wiz** further analyzed the third-stage payload, describing it as a "92,000-line malware framework with modular architecture." This sophisticated framework establishes persistence on the system and communicates with its command-and-control (**C2**) server through multiple channels, including **HTTP**, **Nostr** relays, **Ethereum** smart contracts, and a **libp2p** mesh network.

*Attack flow diagram
Source: Step Security*
### Miasma Backdoor Link and Stealth Features
While the final payload uses artifact names and configuration files reminiscent of the **Miasma** backdoor, previously seen in other supply-chain attacks, **SafeDep** researchers suggest it could be a private build by the same operators or a separate group leveraging the **Miasma** brand after its source code was leaked. The malware's primary objective is to steal sensitive data, including credentials, authentication keys, tokens, browser data, and information from **CI/CD** systems, **AI** developer tools, cryptocurrency wallets, and databases.
Interestingly, the malware also includes functionalities to download **Gitleaks** and **HackBrowserData** tools for enhanced data collection. However, **Aikido** notes that these data harvesting functions were not fully operational at the time of analysis, though manual execution via shell remains a possibility.
**Ox Security** also observed a geographical check within the malware, where it terminates its process if it detects a Russian locale, a common tactic in certain cybercrime operations.
### Remediation and Exposure Window
All five malicious versions of the four affected packages have been removed from **npm**. However, developers must be aware that existing installations and lock files created during the exposure window may still contain the compromised releases. The critical exposure period was approximately four hours and seven minutes, between 07:10 and 11:18 UTC on July 14.
The recommended actions for impacted systems include:
* Pinning to known-good package versions.
* Regenerating lock files.
* Removing the hidden 'NodeJS/sync.js' payload.
* Terminating all malicious processes.
* Rotating credentials on all affected systems.