​ ​AsyncAPI npm packages infected with credential-stealing malware

​ ​AsyncAPI npm packages infected with credential-stealing malware
Five malicious AsyncAPI packages were published to npm in a supply-chain attack that used compromised GitHub Actions workflows to deliver a remote access trojan with data-stealing capabilities. The attack affected widely used @asyncapi packages, leveraged legitimate publishing pipelines and SLSA attestations, and targeted secrets, browser data, wallets, and CI/CD credentials. #AsyncAPI #GitHubActions #npm #Miasma

Keypoints

  • Attackers compromised two AsyncAPI GitHub repositories and injected malware into project files.
  • Five trojanized packages were published in the @asyncapi namespace on npm.
  • The supply-chain attack abused a misconfigured GitHub Actions workflow and trusted-publisher integration.
  • The malware used multiple stages, including IPFS retrieval and a modular framework with persistence.
  • The payload targeted secrets, credentials, wallets, databases, and CI/CD data before being removed from npm.

Read More: https://www.bleepingcomputer.com/news/security/-asyncapi-npm-packages-infected-with-credential-stealing-malware/