Miasma, a credential-stealing attack framework tied to supply-chain attacks, was briefly open-sourced on GitHub after being leaked through compromised developer accounts. It evolved from Shai-Hulud, steals cloud and build credentials, and uses GitHub to spread trojanized packages across ecosystems such as npm, PyPI, RubyGems, and JFrog Artifactory. #Miasma #ShaiHulud #GitHub #npm #PyPI #RubyGems #JFrogArtifactory
Key points
- Miasma is a worm-like framework that propagates through supply-chain attacks.
- It evolved from the earlier Shai-Hulud malware and shares code and techniques.
- The malware steals cloud, CI/CD, password manager, Kubernetes, and secret store credentials.
- It abuses GitHub to compromise repositories, workflows, and package ecosystems without C2 infrastructure.
- Leaked code includes a dead-man switch and advanced obfuscation to evade detection.
Read More: https://www.bleepingcomputer.com/news/security/the-miasma-worm-source-code-briefly-leaked-on-github/