
The highly contagious “Miasma” software supply chain worm is aggressively compromising developer environments by hijacking GitHub Actions workflows and planting malicious configuration hooks that weaponise local AI coding agents.
The Miasma malware campaign represents a critical escalation in software supply chain security, functioning as a highly contagious, self-propagating worm that explicitly targets developers, package registries, and cloud pipelines. Originally derived from the open-source Mini Shai-Hulud toolkit published in mid-May 2026, the worm abandons traditional ransomware tactics in favour of an automated ecosystem flywheel.
It infects development environments, harvests authentication keys, and immediately weaponises those stolen credentials to poison downstream repositories, package namespaces, and organisations in an exponential loop. Because it operates largely within legitimate development workflows, the malware evades traditional software bill-of-materials (SBOM) and static code analysis tools.
Early waves hijacked Red Hat employee credentials to push backdoored packages directly into the @redhat-cloud-services npm registry using trusted OpenID Connect publishing pipelines, yielding authentic cryptographic signatures. Later variants utilised a “Phantom Gyp” technique via binding.gyp files to trigger execution on installation, alongside malicious configuration hooks tailored for AI coding tools like Claude Code, Cursor, and Gemini CLI.
The moment a developer interacts with a poisoned repository using their AI agent, the tooling automatically executes the malware payload without requiring manual package installation. Once active on a local workstation or cloud-hosted runner, the payload aggressively extracts repository secrets by scanning runner memory directly, while vacuuming cloud control plane access keys from AWS, Azure, and Google Cloud metadata services.
“On June 24, 2026 at 15:39:06 UTC, an attacker force-pushed a malicious commit to codfish/semantic-release-action and redirected several version tags to point at the malicious commit,” said StepSecurity. The blast radius has severely impacted core open-source infrastructure, forcing GitHub security staff to disable 73 Microsoft-affiliated repositories to halt a rapid infection chain. Threat intelligence confirms that the Miasma toolkit has actively expanded its territory beyond JavaScript and Python ecosystems, successfully jumping boundaries to compromise the Go module architecture and cloud-native serverless systems.
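The tag redirection described above only works against workflows that reference a third-party action by a mutable tag such as `@v3`; pinning to a full 40-character commit SHA makes a moved tag irrelevant. The following checker is an added example, not code from the article or from StepSecurity: it scans workflow YAML line by line (a regex scan, assumed here to avoid a YAML library dependency) and reports every `uses:` reference that is not pinned to a commit SHA or an image digest. The workflow text is constructed for illustration and the checkout SHA is just a well-formed placeholder.

```python
import re
from dataclasses import dataclass

# A full commit SHA is the only immutable way to reference a GitHub action.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Matches "- uses: owner/repo@ref" (optionally quoted) at any indentation.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)")


@dataclass
class Finding:
    line: int
    action: str
    ref: str
    reason: str


def check_workflow(text: str) -> list[Finding]:
    """Return every action reference in the workflow that a tag move could hijack."""
    findings: list[Finding] = []
    for n, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        spec = m.group(1)
        if spec.startswith("./"):
            continue  # local action, versioned together with the repository itself
        if spec.startswith("docker://"):
            if "@sha256:" not in spec:
                findings.append(Finding(n, spec, "", "container image by tag; pin by @sha256 digest"))
            continue
        action, _, ref = spec.partition("@")
        if not ref:
            findings.append(Finding(n, action, "", "no ref; resolves to the default branch"))
        elif not SHA_RE.match(ref):
            findings.append(Finding(n, action, ref, "mutable tag or branch; the owner can repoint it"))
    return findings


# Constructed sample workflow: one SHA-pinned step, one tag-pinned step,
# one local action, and one image referenced by tag.
SAMPLE_WORKFLOW = """\
name: release
on: [push]
jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
      - uses: codfish/semantic-release-action@v3
      - uses: ./.github/actions/lint
      - uses: docker://alpine:3.19
"""

if __name__ == "__main__":
    for f in check_workflow(SAMPLE_WORKFLOW):
        print(f"line {f.line}: {f.action}@{f.ref or '<none>'}: {f.reason}")
```

Running it on the sample flags line 8 (the `@v3` tag) and line 10 (the image tag); the SHA-pinned checkout step passes.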