Miasma Malware Evolves: New Supply Chain Attacks Target npm and Go Ecosystems
The persistent **Miasma**, **Mini Shai-Hulud**, and **Hades** malware family has resurfaced with an advanced supply chain attack, compromising a fresh set of npm packages and expanding its reach into the Go ecosystem. This sophisticated campaign continues to target developer credentials and workflows, aiming to propagate across various package registries and trusted development environments.
Cybersecurity researchers are sounding the alarm on a significant evolution of the **Miasma** malware, a variant of the **Mini Shai-Hulud** and **Hades** family. The latest iteration has successfully infiltrated new npm packages and, notably, has spread to the Go ecosystem.
"The latest activity includes malicious npm releases affecting **LeoPlatform** and **RStreams** packages, GitHub Actions workflow abuse, and a related Go module compromise involving the **Verana Blockchain** project," reported **Socket**.

The primary objective of this ongoing campaign remains consistent: to exfiltrate developer and maintainer credentials. These stolen credentials are then weaponized to facilitate further propagation across package registries, code repositories, and secure developer workflows.
### Affected Packages
The list of compromised packages includes:
* github.com/verana-labs/[email protected] (Go)
It is suspected that an npm developer account associated with **LeoPlatform** (username "czirker") was breached, likely through leaked credentials. This breach allowed threat actors to exploit an npm token belonging to the maintainer, pushing trojanized versions within a narrow six-second window.
### Evolving Tactics and Persistent Threat
This new wave of attacks employs many of the tactics previously observed, including npm registry poisoning, `binding.gyp` install-time execution, **Bun**-staged JavaScript malware, **GitHub** dead-drop infrastructure, **GitHub Actions** secret theft, persistence through IDE and AI coding assistants, and encrypted credential exfiltration.

Although the malicious npm packages declare no lifecycle hook in `package.json`, they ship a `binding.gyp` file. npm treats a package that has a `binding.gyp` but no `install` or `preinstall` script as a native addon and runs `node-gyp rebuild` at install time by default, so the attacker gains arbitrary code execution during installation without any visible script entry. The build step launches a JavaScript loader that downloads and installs the **Bun** runtime (if it is not already present) and then deploys the stealer payload, which harvests secrets, credentials, and tokens.
The malware also includes a Russian locale killswitch and checks for endpoint security software. A key component is a dropped **GitHub Actions** workflow named "Run Copilot" that captures CI/CD environment secrets from runner memory. The harvested data is then uploaded to a public **GitHub** repository with the description "Alright Lets See If This Works." Currently, **559 repositories** match this description.
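As an added defender-side check (not code from the article or any of the vendors it quotes), the following Python audits a `node_modules` tree for the install-time pattern described above: a `binding.gyp` whose targets declare no C/C++ sources but run an interpreter through a gyp `action`. The sample package tree it builds is constructed for the example, and the heuristics (source extensions, interpreter names) are this example's assumptions, not published indicators.

```python
import ast, json, tempfile
from pathlib import Path

NATIVE_SRC = (".c", ".cc", ".cpp", ".cxx", ".m", ".mm")   # what a real addon compiles
SUSPECT_CMDS = {"node", "bun", "sh", "bash", "curl", "wget", "python", "python3"}

def parse_gyp(text: str):
    # binding.gyp is usually Python-literal syntax (single quotes, trailing commas):
    # try JSON first, then a safe literal_eval (never eval()).
    try:
        return json.loads(text)
    except ValueError:
        return ast.literal_eval(text)

def audit_package(pkg_dir: Path) -> list[str]:
    """Findings for one installed package (empty = nothing flagged). npm defaults the
    install step to `node-gyp rebuild` when binding.gyp exists and no install/preinstall
    script is declared, so a clean `scripts` block in package.json proves nothing."""
    gyp_path = pkg_dir / "binding.gyp"
    if not gyp_path.is_file():
        return []
    try:
        gyp = parse_gyp(gyp_path.read_text())
    except (ValueError, SyntaxError):
        return ["binding.gyp is not parseable as gyp"]
    findings, has_native_src = [], False
    for target in gyp.get("targets", []):
        has_native_src |= any(str(s).endswith(NATIVE_SRC) for s in target.get("sources", []))
        for action in target.get("actions", []):          # build-time commands
            cmd = [str(a) for a in action.get("action", [])]
            if cmd and Path(cmd[0]).name in SUSPECT_CMDS:
                findings.append(f"gyp action runs an interpreter: {' '.join(cmd)}")
    if not has_native_src:
        findings.append("no C/C++ sources in any gyp target")
    return findings

def audit_node_modules(root: Path) -> dict[str, list[str]]:   # walk tree, keep hits only
    return {str(p.parent.relative_to(root)): f
            for p in root.glob("**/package.json") if (f := audit_package(p.parent))}

def build_sample_tree() -> Path:
    """Constructed sample: a launcher-style package beside a genuine native addon."""
    root = Path(tempfile.mkdtemp())
    gyps = {"evil-pkg": "{'targets': [{'target_name': 'x', 'actions': [{'action_name': 'run',"
                        " 'inputs': [], 'outputs': ['o'], 'action': ['node', 'loader.js'],}]}]}",
            "legit-addon": "{'targets': [{'target_name': 'addon', 'sources': ['src/addon.cc']}]}"}
    for name, gyp in gyps.items():
        (root / name).mkdir()
        (root / name / "package.json").write_text('{"name": "%s"}' % name)
        (root / name / "binding.gyp").write_text(gyp)   # trailing comma is gyp style
    return root
```

Run `audit_node_modules(Path("node_modules"))` in a checked-out project to list only the packages that trip a heuristic.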
### Token Relays and GitHub Action Compromises
The token relay marker has also seen an update. Earlier attacks used strings like "IfYouInvalidateThisTokenItWillNukeTheComputerOfTheOwner," but the current iteration uses "RevokeAndItGoesKaboom." This new string has been identified as a **GitHub** dead-drop resolver, linked to the recent compromise of the "codfish/semantic-release-action" **GitHub Action**.

**StepSecurity** detailed this compromise: "On June 24, 2026 at 15:39:06 UTC, an attacker force-pushed a malicious commit to **codfish/semantic-release-action** and redirected several version tags to point at the malicious commit." Any workflow running against these tags post-compromise would execute the attacker's payload directly within the **GitHub Actions** runner. This payload steals **GitHub OIDC** tokens, harvests **Personal Access Tokens** (PATs), encrypts the data, and attempts to backdoor other repositories accessible with the stolen credentials.
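An added example, not from the article or StepSecurity, covering two defender checks over `.github/workflows` files: flagging third-party actions referenced by a mutable tag or branch (the redirection described above only works against such refs, since a full commit SHA cannot be retargeted), and flagging a workflow whose top-level `name` is the "Run Copilot" indicator mentioned earlier. It scans the YAML as plain text without a parser; the sample workflow, its all-zero SHA placeholder and its `v1` tag are constructed.

```python
import re

SHA_REF = re.compile(r"^[0-9a-f]{40}$")                    # full commit SHA: the only immutable ref
USES_LINE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)")
TOP_NAME = re.compile(r"^name:\s*['\"]?(.*?)['\"]?\s*$")   # column-0 `name:` is the workflow name
IOC_WORKFLOW_NAME = "Run Copilot"   # workflow name the Miasma payload drops (from the article)

def audit_workflow(text: str) -> list[str]:
    """Scan one workflow file's text; returns human-readable findings (empty = clean)."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = TOP_NAME.match(line)
        if m and m.group(1).strip() == IOC_WORKFLOW_NAME:
            findings.append(f"line {lineno}: workflow named {IOC_WORKFLOW_NAME!r} matches a Miasma indicator")
        m = USES_LINE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith(("./", "docker://")):
            continue  # local actions and images are not retargetable via a third party's git tags
        action, _, version = ref.partition("@")
        if not version:
            findings.append(f"line {lineno}: {action} has no ref (floats on the default branch)")
        elif not SHA_REF.match(version):
            findings.append(f"line {lineno}: {action}@{version} is a mutable tag/branch; pin to a full commit SHA")
    return findings

# Constructed sample workflow: the SHA is an all-zero placeholder and the `v1` tag is
# made up for the example; neither is a real ref of the actions named.
SAMPLE_WORKFLOW = f"""\
name: release
on: [push]
jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@{'0' * 40}
      - uses: codfish/semantic-release-action@v1
      - uses: ./.github/actions/local
"""
# Constructed stand-in for the workflow the article says the payload drops.
SAMPLE_DROPPED = "name: Run Copilot\non: [push]\njobs: {}\n"
```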
These interconnected events strongly suggest a single operational cluster or tooling lineage. According to **Endor Labs** and **OX Security**, the malware also polls **GitHub** hourly for commits matching the string "firedalazer" to retrieve and execute the **Hades** variant.
### Impact and Broader Implications
"The **Leo/RStreams** package set is tied to cloud-native and serverless workloads," noted **JFrog**. "A compromise here can expose developer workstations, CI/CD systems, **AWS**-backed applications, **GitHub** repositories, package publishing credentials, and downstream package consumers."

"The notable story is not that the payload is radically new. It is that **Shai-Hulud** continues to move across legitimate package ecosystems while changing just enough indicators to make stale detections less effective."
The compromise of the **Verana GitHub** repository further illustrates the campaign's expansion beyond npm. While it employs the same **Miasma** execution pattern, it doesn't rely on native Go module resolution or build logic.
"Unlike the npm packages, this sample does not rely on `binding.gyp`," **Socket** explained. "The risk is source-repository execution: a developer who clones or opens the repository in a trusted IDE or AI coding assistant environment may trigger the payload through project configuration." This emphasizes that **Miasma** is adapting to target developer workflows, not just package manager install hooks, signifying a persistent and evolving threat to the software supply chain.