PROBABLYPWNED
Malware | June 2, 2026 | 3 min read

Red Hat npm Packages Hit by Shai-Hulud Supply Chain Attack

32+ Red Hat Cloud Services npm packages compromised with Mini Shai-Hulud credential-stealing malware. 80K weekly downloads affected—here's what developers need to know.

James Rivera

A new supply chain attack dubbed "Miasma" has compromised at least 32 npm package releases published under Red Hat's official cloud services namespace, affecting an estimated 80,000 weekly downloads. Security researchers from Wiz traced the infection to a Red Hat employee's compromised GitHub account.

The malicious packages contain a variant of the Mini Shai-Hulud malware—a credential-stealing worm that the cybercriminal group TeamPCP recently open-sourced on underground forums. This latest campaign represents the third major wave of Shai-Hulud infections in 2026.

How the Attack Works

On June 1, 2026, multiple npm packages in the @redhat-cloud-services scope were published with malicious versions containing a 4.1 MB obfuscated JavaScript preinstall hook. The infection chain unfolds in stages:

  1. A Caesar cipher-shifted wrapper executes during package installation
  2. The wrapper decodes AES-128-GCM encrypted payloads
  3. The payload downloads the Bun JavaScript runtime
  4. A 620 KB credential stealer executes, targeting developer workstations

The packages were published via GitHub Actions OIDC authentication, indicating attackers compromised the CI/CD pipeline rather than stealing an npm token directly.

What Gets Stolen

The Miasma payload aggressively harvests credentials that developers typically store on workstations:

  • AWS, GCP, and Azure access keys and tokens
  • GitHub Actions tokens and OAuth credentials
  • HashiCorp Vault tokens
  • Kubernetes credentials and kubeconfig files
  • SSH private keys
  • npm and PyPI publish tokens
  • Environment variables containing secrets

The stolen credentials are exfiltrated to attacker infrastructure over encrypted channels, making network-based detection difficult.

Affected Packages

Wiz identified compromised versions across the @redhat-cloud-services namespace, including packages used for cloud console integrations and internal tooling. The affected packages include vulnerabilities-client, tsc-transform-imports, and topological-inventory, among others.

Organizations using any @redhat-cloud-services packages should audit their dependency trees immediately. The npm audit command can identify affected versions.

Connection to Previous Attacks

This attack follows a pattern established by earlier supply chain compromises targeting developer infrastructure. The Mini Shai-Hulud variant shares code lineage with malware observed in GitHub Actions compromises earlier this year.

Red Hat's incident response team confirmed the compromise on June 2 and has begun the process of removing malicious versions from the npm registry. Affected package versions will be replaced with clean releases.

Why This Matters

Developer supply chain attacks have become increasingly sophisticated in 2026. Attackers recognize that compromising a single popular package can yield access to thousands of downstream organizations. With 80,000 weekly downloads, the Red Hat cloud services packages represent a high-value target.

The use of GitHub Actions OIDC for publishing—rather than traditional npm tokens—shows attackers adapting to modern CI/CD security practices. Organizations that assumed OIDC-based publishing was more secure now face evidence that pipeline compromise can be just as effective as token theft.

Recommended Actions

  1. Audit dependencies immediately using npm audit or tools like Socket.dev
  2. Rotate credentials on any system where affected packages were installed
  3. Review CI/CD logs for unexpected package installations since June 1
  4. Enable npm provenance checks to verify package build attestations
  5. Pin dependency versions rather than using semver ranges

For organizations seeking to understand the broader malware threat landscape, this incident reinforces the need for defense-in-depth across the software supply chain.
