Researchers at security vendor Aikido have detected over 30 compromised Red Hat Cloud Services packages on the open source npm registry, with malware similar to the recently open-sourced Mini Shai-Hulud worm.
The enterprise Linux vendor confirmed the attack to iTnews and said the software was never published for customer use.
“Red Hat is aware of security reports regarding certain npm packages within our developer tooling system,” a company spokesperson said.
“We immediately initiated an investigation and removed the packages from the npm registry.
“While our investigation is ongoing, we have not identified any impact to customer or partner environments or Red Hat production systems,” the spokesperson added.
The packages in question are strictly limited to internal development, and the malicious code was never published for customer consumption via the console.redhat.com system, the spokesperson added.
In its analysis, Aikido said the worm, which has dropped earlier Dune sci-fi novel references in favour of calling itself Miasma, struck 96 versions across 32 packages on the Node package manager (npm) registry.
Added up, the popular Red Hat packages have seen over 115,000 downloads per week, Aikido said.
Aikido added that the malware injection bypassed GitHub’s trusted publishing defence mechanism, as the attacker had compromised a Red Hat employee’s account on the open-source code repository to gain access to the continuous integration/continuous deployment (CI/CD) pipeline.
Package maintainers can use trusted publishing to publish to registries such as npm without storing static, long-lived application programming interface (API) tokens, or passwords, in their CI/CD pipelines.
Instead, trusted publishing’s workflow uses short-lived OpenID Connect (OIDC) tokens generated by, for example, GitHub Actions, the moment the pipeline runs.
With access to the Red Hat employee’s account, the threat actor was able to publish malicious orphan commits directly to several repositories, bypassing code review entirely and essentially using the CI/CD pipeline as the attack surface.
Aikido found several likenesses between the earlier Mini Shai-Hulud self-replicating malware that the TeamPCP threat actors released as open-source, and the current worm which calls itself Miasma.
Like the Mini Shai-Hulud malware in prior supply chain attacks, Miasma attempts to steal cloud credentials such as Amazon Web Services and Google Cloud Platform access keys and service tokens.
It also sweeps for Microsoft Azure credentials, HashiCorp Vault tokens, SSH private keys, .env files and other secrets developers might have on their file systems.
Aikido suggested that developers who had installed any packages from the @redhat-cloud-services scope since June 1 2026 should consider all CI secrets, cloud credentials, SSH keys and npm tokens as compromised, and rotate them immediately.
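One way to act on that advice, as an added example that is not from Aikido, Red Hat or iTnews: a Python check that lists every package from the @redhat-cloud-services scope recorded in a package-lock.json, including transitive dependencies. The sample lockfile and its package names are constructed placeholders, and because a lockfile does not record install dates, the June 1 2026 cutoff has to be checked separately.

```python
import json
import sys

SCOPE = "@redhat-cloud-services/"  # npm scope named in Aikido's advice

def find_scoped_packages(lock, scope=SCOPE):
    """Return sorted (name, version, location) for every package in `scope`."""
    hits = set()
    # lockfileVersion 2/3: "packages" is keyed by install path, e.g.
    # "node_modules/a/node_modules/@scope/name" for a transitive dependency.
    for path, meta in lock.get("packages", {}).items():
        name = path.rpartition("node_modules/")[2]
        if name.startswith(scope):
            hits.add((name, meta.get("version", "?"), path))

    # lockfileVersion 1: nested "dependencies" tree, walked recursively.
    def walk(deps, trail):
        for name, meta in deps.items():
            here = f"{trail} > {name}" if trail else name
            if name.startswith(scope):
                hits.add((name, meta.get("version", "?"), here))
            walk(meta.get("dependencies", {}), here)

    if "packages" not in lock:  # v2 files carry both; avoid double counting
        walk(lock.get("dependencies", {}), "")
    return sorted(hits)

# Constructed sample lockfile; package names and versions are placeholders.
SAMPLE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/example-lib": {"version": "1.3.0"},
        "node_modules/@redhat-cloud-services/example-a": {"version": "0.0.1"},
        "node_modules/example-lib/node_modules/@redhat-cloud-services/example-b":
            {"version": "0.0.2"},
    },
}

if __name__ == "__main__":
    lock = SAMPLE_LOCK
    if len(sys.argv) > 1:  # path to a real package-lock.json
        with open(sys.argv[1], encoding="utf-8") as fh:
            lock = json.load(fh)
    found = find_scoped_packages(lock)
    for name, version, where in found:
        print(f"{name}@{version}  ({where})")
    sys.exit(1 if found else 0)  # non-zero exit fails a CI job on any hit
```

Any hit only shows the scope is present in the dependency tree; it does not by itself show that a malicious version was installed.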

