VYPR
breachPublished Jul 14, 2026· 2 sources

AsyncAPI npm Packages Compromised via GitHub Actions, Delivering Remote Access Implant

Five AsyncAPI npm packages with nearly 3 million weekly downloads were compromised through a GitHub Actions supply chain attack, injecting a remote-access implant.

A significant supply chain attack has compromised five popular AsyncAPI npm packages, collectively downloaded nearly 3 million times weekly. The attackers exploited a vulnerability in GitHub Actions' pull_request_target trigger to steal an npm publishing token. This token was then used to publish trojanized versions of the packages, which contained a sophisticated remote-access implant designed to compromise development workstations and build servers.

The incident, identified by Aikido analysts, began in the AsyncAPI generator repository. The pull_request_target trigger in the GitHub Actions workflow allowed repository secrets, including the npm publishing token, to be exposed when processing pull requests from external sources. The attacker successfully exfiltrated the token and used it to publish malicious code into the following package versions: asyncapi-specs 6.11.2 and 6.11.2-alpha.1, asyncapi-generator 3.3.1, asyncapi-generator-helpers 1.1.1, and asyncapi-generator-components 0.7.1.

The malicious code was embedded within the packages' runtime modules, meaning that simply requiring the package could trigger the infection chain without needing to execute specific lifecycle scripts. This stealthy approach posed a substantial risk, as it could affect build processes and development environments without obvious signs of compromise. The injected code downloaded an encrypted Node.js loader from IPFS, saved it as sync.js, and executed it in a detached process, establishing persistence across different operating systems.

Upon execution, the implant generated a cryptographic key pair, maintained a lock file, and attempted to establish persistence through OS-specific mechanisms. On macOS, it modified shell startup files; on Windows, it created a Run registry value; and on Linux, it wrote a user service file. The malware then contacted a command-and-control (C2) server via HTTP approximately every 30 seconds, sending encrypted beacons that included environment information and checked for developer tool configuration files.

While the observed build had certain reconnaissance and self-spreading functions disabled, the core remote shell capability remained active. This allowed attackers to execute arbitrary shell commands, presenting a significant threat for data exfiltration and further network lateral movement. The use of HTTP for C2 communication also introduced a potential risk of command injection if the encrypted channel was not consistently used.

To mitigate the threat, organizations are advised to downgrade to the unaffected versions: asyncapi-specs 6.11.1, asyncapi-generator 3.3.0, asyncapi-generator-helpers 1.1.0, and asyncapi-generator-components 0.7.0. It is crucial to remove the compromised releases from all manifests, lock files, caches, internal mirrors, and build images. Security teams should actively hunt for systems that imported the affected modules, isolate suspected hosts, and preserve volatile data for forensic analysis.

Furthermore, any credentials accessible from compromised developer devices or build hosts should be considered exposed. This necessitates a comprehensive security response, including rotating npm tokens, source control access, cloud credentials, CI/CD secrets, SSH keys, and signing keys. Rebuilding compromised systems from a clean state is also recommended. Network investigations should focus on connections to the identified C2 server, IPFS, and other related network protocols and services associated with the Node processes.

This incident underscores the persistent and evolving threat posed by supply chain attacks, particularly within the popular npm ecosystem. The exploitation of CI/CD pipelines and developer tools highlights the need for robust security practices throughout the software development lifecycle, including rigorous code review, dependency scanning, and secure configuration of CI/CD environments.

The Miasma backdoor has resurfaced, infecting four AsyncAPI npm packages through a compromised GitHub Actions release workflow. Unlike previous incidents, this campaign's malicious code activates when affected modules are loaded, not during installation, establishing persistent remote access and executing arbitrary commands across Linux, Windows, and macOS. The attackers leveraged npm's OIDC trusted-publisher integration, meaning the packages carried valid provenance attestations despite an unauthorized commit to the repository's release-triggering branch.

Synthesized by Vypr AI