Miasma Malware Exploits npm Packages for Persistent Backdoors

A recent security incident has revealed that the Miasma malware has infiltrated the npm ecosystem by compromising four AsyncAPI packages. This breach has transformed these trusted packages into persistent backdoors, granting attackers prolonged remote access to developer environments.

Unlike traditional supply chain attacks that execute malicious code during package installation, this campaign employs a more insidious approach. The embedded malicious code remains dormant until the compromised module is loaded by an application, generator, or build process. This delayed activation can result in prolonged exposure, as the malicious activity may go unnoticed for an extended period.

Security researchers from JFrog identified this activity by tracing the altered releases and decoding the downloaded payload. The affected packages were published through AsyncAPI’s legitimate GitHub Actions release workflow, utilizing npm’s OpenID Connect (OIDC) trusted-publisher integration. Despite carrying valid provenance attestations, the release process was compromised due to an unauthorized direct commit to the repository’s release-triggering branch.

This sequence of events underscores a critical vulnerability: while provenance can accurately trace the source repository and workflow, it cannot verify whether the code change itself was reviewed or authorized. In this case, the workflow functioned as designed, publishing code from the project, but the integrity of the code was compromised at the source.

The malicious code was strategically placed within ordinary source files, avoiding the use of preinstall, install, or postinstall scripts that might raise suspicion. Obfuscated and concealed using whitespace, the code initiates a detached child process upon loading the module. This process retrieves a second-stage payload from an InterPlanetary File System (IPFS) gateway, writes it to a user-profile directory under a plausible name, and executes it in the background.

The second-stage payload identifies itself as Miasma v3. While its broader codebase includes functions for credential theft, package propagation, AI-tool poisoning, and mutation, the observed configuration focuses on establishing persistence, enabling remote communications, executing shell commands, and replacing payloads, rather than automatic spreading.

Any project that includes an affected version may not have executed the malicious code. However, developer machines, documentation jobs, container builds, or continuous integration (CI) runners that loaded the compromised code should be considered potentially compromised.

Miasma v3 establishes encrypted communications and checks for new infrastructure or payloads. Its active command handler can execute arbitrary shell commands, return output, fetch replacement code from IPFS, and alter its callback interval, granting an operator control equivalent to that of the breached account.

This incident highlights the evolving sophistication of supply chain attacks. By embedding dormant malicious code within trusted packages, attackers can achieve persistent access to developer environments, posing significant risks to software integrity and security. Developers and organizations must exercise heightened vigilance, implementing robust code review processes and monitoring for unauthorized changes to mitigate such threats.