Miasma worm source briefly surfaced on GitHub

A credential-stealing worm framework called “Miasma” didn’t just threaten open-source ecosystems—it briefly showed up in public.
SafeDep reported yesterday that the Miasma source code was leaked on GitHub via numerous compromised developer accounts. In each of those accounts, the threat actors posted the code in a repository named “Miasma-Open-Source-Release.” The way it appeared across many accounts carried a clear message: this did not look like an accident. The code was released on purpose, much like an earlier incident involving the Shai-Hulud worm.
Miasma is described as an evolution of the earlier Shai-Hulud worm, which had itself been leaked on GitHub and shares many of the same features, techniques, and even code.
The malware’s basic method starts with a developer machine. It steals the build environment and cloud credentials, then uses those access details to compromise legitimate repositories and packages. From there, it publishes trojanized versions designed to infect downstream developers—keeping the cycle moving. The self-propagating, worm-like mechanism matters because it can turn a single breach into something wider through the software supply chain.
SafeDep also connected Miasma to high-profile attacks against Red Hat npm packages and, more recently, 73 Microsoft repositories on GitHub.
What makes the leak more alarming is what the code showed about how it operates. SafeDep’s analysis found that the toolkit requires no command-and-control (C2) infrastructure. Instead, it uses GitHub for that purpose.
Once running, the framework harvests credentials from cloud providers, CI/CD systems, password managers, Kubernetes, and secret stores. It then abuses those credentials to compromise npm, PyPI, and RubyGems packages, as well as GitHub repositories, Actions workflows, and JFrog Artifactory instances. The code also showed lateral movement through SSH and AWS Systems Manager (SSM).
The leaked material even pointed to targeting the tools developers use to write code. It can poison configurations of AI coding tools including Claude, Gemini, Cursor, Copilot, Kiro, and Cline.
Among the details, one feature stood out with a grim kind of practicality: a “dead-man switch.” The code installs it when the malware uses a victim’s stolen GitHub token as an exfiltration channel. The component monitors the token’s validity every minute. If the token is revoked, it executes a destructive command—recursively deleting files and directories in the user’s home and Documents folders using rm -rf ~/ and rm -rf ~/Documents.
SafeDep said the monitor runs as a systemd user service on Linux or a LaunchAgent on macOS, and remains active for up to 72 hours.
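The persistence detail above gives defenders something concrete to hunt for: a user-level systemd unit or LaunchAgent that fires every minute and carries a recursive rm against the home directory. The scanner below is an added example, not code from SafeDep's report or from the leaked framework; the unit-file locations are the usual defaults (an assumption), and the sample unit contents are constructed to mirror the described behaviour, not taken from any real sample.

```python
"""Hunt user-level persistence for a dead-man-switch pattern (added example).

Looks through systemd user units and macOS LaunchAgents for (a) an rm with a
recursive flag aimed at the home tree and (b) a short polling cadence. The
directory list and the constructed SAMPLE_FILES are assumptions, not artefacts
from the article or the leaked code.
"""
import glob
import os
import re
from typing import Dict, List, Optional

# Assumed default locations for user-level persistence.
USER_UNIT_DIRS = ["~/.config/systemd/user", "~/Library/LaunchAgents"]

# rm with at least one flag group, pointed at ~, $HOME, ${HOME}, /home/<user>
# or /Users/<user>; the recursive check on the flags is done separately.
RM_RE = re.compile(
    r"\brm((?:\s+-\w+)+)\s+(?:~|\$HOME|\$\{HOME\}|/home/\w+|/Users/\w+)(?:/\S*)?"
)
SYSTEMD_SEC_RE = re.compile(r"OnUnitActiveSec\s*=\s*(\d+)\s*(s|sec|m|min)?\b", re.I)
SYSTEMD_MINUTELY_RE = re.compile(r"OnCalendar\s*=\s*minutely\b", re.I)
LAUNCHD_SEC_RE = re.compile(r"<key>StartInterval</key>\s*<integer>(\d+)</integer>", re.I)


def destructive_rm(text: str) -> bool:
    """True if the text runs rm with -r/-R against the user's home directory."""
    for m in RM_RE.finditer(text):
        flags = m.group(1).replace("-", "").replace(" ", "")
        if "r" in flags.lower():
            return True
    return False


def poll_interval(text: str) -> Optional[int]:
    """Declared run cadence in seconds, or None if the file declares none."""
    m = SYSTEMD_SEC_RE.search(text)
    if m:
        n, unit = int(m.group(1)), (m.group(2) or "s").lower()
        return n * 60 if unit in ("m", "min") else n
    if SYSTEMD_MINUTELY_RE.search(text):
        return 60
    m = LAUNCHD_SEC_RE.search(text)
    return int(m.group(1)) if m else None


def scan_files(files: Dict[str, str], max_interval: int = 60) -> Dict[str, List[str]]:
    """Map {path: contents} to {path: reasons} for files with a destructive rm."""
    findings = {}
    for path, text in files.items():
        if not destructive_rm(text):
            continue
        reasons = ["recursive rm against the home directory"]
        # systemd keeps the command in a .service and the cadence in a sibling
        # .timer with the same stem; launchd keeps both in one plist.
        timer = files.get(re.sub(r"\.service$", ".timer", path))
        interval = poll_interval(text)
        if interval is None and timer is not None:
            interval = poll_interval(timer)
        if interval is not None and interval <= max_interval:
            reasons.append(f"polls every {interval}s")
        findings[path] = reasons
    return findings


def scan_local_dirs(dirs=USER_UNIT_DIRS) -> Dict[str, List[str]]:
    """Read every file in the persistence directories and scan them."""
    files = {}
    for d in dirs:
        for path in glob.glob(os.path.join(os.path.expanduser(d), "*")):
            if os.path.isfile(path):
                with open(path, errors="replace") as fh:
                    files[path] = fh.read()
    return scan_files(files)


# Constructed samples: two suspicious units and one benign hourly backup job.
SAMPLE_FILES = {
    "~/Library/LaunchAgents/com.example.monitor.plist": """<?xml version="1.0"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.monitor</string>
  <key>ProgramArguments</key><array>
    <string>/bin/sh</string><string>-c</string>
    <string>/tmp/.m/check-token.sh || rm -rf ~/Documents</string>
  </array>
  <key>StartInterval</key><integer>60</integer>
</dict></plist>""",
    "~/.config/systemd/user/monitor.service":
        "[Service]\nExecStart=/bin/sh -c '/tmp/.m/check-token.sh || rm -rf $HOME/'\n",
    "~/.config/systemd/user/monitor.timer":
        "[Timer]\nOnBootSec=1min\nOnUnitActiveSec=1min\n[Install]\nWantedBy=timers.target\n",
    "~/.config/systemd/user/backup.service":
        "[Service]\nExecStart=/bin/sh -c 'rm -f ~/.cache/backup.lock && restic backup ~/Documents'\n",
}

if __name__ == "__main__":
    for path, reasons in scan_files(SAMPLE_FILES).items():
        print(path, "->", "; ".join(reasons))
    print("local findings:", scan_local_dirs())
```

The benign backup unit is not reported because its rm lacks a recursive flag; only the two constructed monitor units are flagged, and both carry the one-minute cadence. On a real host, treat any hit as a reason to image the machine and revoke the associated GitHub token only after the persistence has been removed, since the article describes revocation itself as the trigger.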
The leak also revealed a five-stage build pipeline designed to generate unique payloads for each build. SafeDep reported that the process combines per-file AES-256-GCM encryption of embedded assets, randomized string obfuscation, source transformations, JavaScript obfuscation, and a self-extracting loader that wraps the final payload in three layers of encryption. Random keys and a randomized outer encoding layer ensure each generated sample differs from previous builds—making signature-based detection and static analysis harder.
There’s a painful rhythm in how this kind of disclosure spreads. SafeDep noted that the leak of Shai-Hulud led to the release of more advanced variants like Miasma, alongside increased attack rates, and said the leak of Miasma’s source code is expected to have the same effect as threat actors adopt the code and adjust it.
For developers, the advice now is direct: pin project dependencies, introduce multi-day delays before adopting newly released package updates, and validate new builds in isolated test environments.
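The "multi-day delay" advice can be enforced mechanically rather than by memory. The snippet below is an added example (not from SafeDep or any package manager's own code): it takes the `time` map that the public npm registry returns for a package (a real field, listing a publish timestamp per version), picks the newest stable version that is at least N days old, and flags pinned dependencies that are younger than that. The package name, versions and dates in the sample are constructed.

```python
"""Release-age gating for dependency updates (added example).

select_version() chooses the newest stable version published at least
min_age_days ago; too_new() audits already-pinned versions against the same
rule. SAMPLE_TIME_MAPS is constructed; fetch_time_map() shows the live lookup
(network access, not used by the sample).
"""
import json
import re
import urllib.request
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional, Tuple

SEMVER_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")


def parse_version(v: str) -> Optional[Tuple[int, int, int]]:
    """Stable x.y.z -> sortable tuple; None for prereleases and registry keys."""
    m = SEMVER_RE.match(v)
    return tuple(int(x) for x in m.groups()) if m else None


def published_at(stamp: str) -> datetime:
    """Parse the registry's ISO-8601 'Z' timestamps into aware datetimes."""
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def select_version(time_map: Dict[str, str], min_age_days: int,
                   now: Optional[datetime] = None) -> Optional[str]:
    """Newest stable version that has been public for at least min_age_days."""
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(days=min_age_days)
    eligible = []
    for version, stamp in time_map.items():
        key = parse_version(version)
        if key is None:          # skips "created", "modified", "1.5.0-beta.1"
            continue
        if published_at(stamp) <= cutoff:
            eligible.append((key, version))
    return max(eligible)[1] if eligible else None


def too_new(pinned: Dict[str, str], time_maps: Dict[str, Dict[str, str]],
            min_age_days: int, now: Optional[datetime] = None) -> Dict[str, str]:
    """Pinned deps whose version was published less than min_age_days ago."""
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(days=min_age_days)
    offenders = {}
    for name, version in pinned.items():
        stamp = time_maps.get(name, {}).get(version)
        if stamp is None or published_at(stamp) > cutoff:
            offenders[name] = version   # unknown versions are treated as unsafe
    return offenders


def fetch_time_map(package: str) -> Dict[str, str]:
    """Live lookup of the 'time' field from the public npm registry."""
    with urllib.request.urlopen(f"https://registry.npmjs.org/{package}") as resp:
        return json.load(resp)["time"]


# Constructed registry data for a hypothetical package "example-lib".
SAMPLE_TIME_MAPS = {
    "example-lib": {
        "created": "2024-01-10T09:00:00.000Z",
        "modified": "2024-06-02T12:00:00.000Z",
        "1.4.0": "2024-01-10T09:00:00.000Z",
        "1.4.1": "2024-03-20T15:30:00.000Z",
        "1.5.0-beta.1": "2024-05-28T08:00:00.000Z",
        "1.5.0": "2024-06-02T12:00:00.000Z",
    }
}
SAMPLE_NOW = datetime(2024, 6, 4, tzinfo=timezone.utc)

if __name__ == "__main__":
    chosen = select_version(SAMPLE_TIME_MAPS["example-lib"], 7, SAMPLE_NOW)
    print("version to adopt with a 7-day delay:", chosen)
    print("too new:", too_new({"example-lib": "1.5.0"}, SAMPLE_TIME_MAPS, 7, SAMPLE_NOW))
```

With a seven-day delay the two-day-old 1.5.0 is held back in favour of 1.4.1, and a lockfile already pinned to 1.5.0 is reported. The delay only buys time for a malicious release to be noticed and pulled; it still needs the pinned lockfile and an isolated test build behind it, as the advice above says.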