Five harmful versions of AsyncAPI packages were uploaded to the Node Package Manager (npm) as part of a supply-chain attack that introduced a remote access trojan capable of stealing information.
The attacker took advantage of a poorly configured GitHub Actions workflow, releasing trojanized packages within the @asyncapi namespace, which collectively garnered over 2.25 million downloads weekly.
On July 14, multiple security firms verified that an attacker breached two AsyncAPI GitHub repositories and inserted malware into the project files.
A report from Step Security states, “Both attacks are CI/CD pipeline compromises, not stolen npm tokens or malicious maintainers.”
The researchers clarify that “the attacker pushed commits under a placeholder git identity and allowed the actual release workflow of each repository to handle the publishing through npm’s GitHub OIDC trusted-publisher integration.”
This method ensured that the compromised packages carried legitimate SLSA provenance attestations, signifying they were produced by an authorized workflow.
The malicious AsyncAPI packages that were uploaded to npm include:
- @asyncapi/generator 3.3.1 (101k weekly downloads)
- @asyncapi/generator-helpers 1.1.1 (43k weekly downloads)
- @asyncapi/generator-components 0.7.1 (34k weekly downloads)
- @asyncapi/specs 6.11.2-alpha.1 and 6.11.2 (2.1 million weekly downloads)
According to application security firm Socket, the initial implant in the published packages is an obfuscated JavaScript statement that activates a downloader when the infected file is imported.
A second-stage script, which includes configuration details and the main runtime, is fetched from the IPFS peer-to-peer content delivery network and executed as a hidden process.
Wiz, a cloud and application security company, states that the third-stage payload “is a 92,000-line malware framework with modular architecture,” which maintains persistence on the system and communicates with the command-and-control (C2) server through various channels: HTTP, Nostr relays, Ethereum smart contracts, and a libp2p mesh network.
While the final payload utilizes artifact names and configuration files associated with the Miasma backdoor observed in previous supply-chain attacks, SafeDep researchers suspect that the malware is “either a private, parallel build by the same operators or a different group that adopted the Miasma brand after the source was published.”
The malware’s objective seems to be the theft of secrets, which encompass credentials, authentication keys, tokens, browser data, sensitive information from CI/CD systems and AI developer tools, cryptocurrency wallets, and databases.
Moreover, the malware code enables it to download the Gitleaks and HackBrowserData tools to assist in gathering sensitive information.
However, a report from cybersecurity firm Aikido indicates that all these functionalities are non-operational, and the data harvesting tool exits before collecting any data. Nonetheless, researchers assert that all of this can be executed manually using the shell.
Ox Security also observed that the malware conducts a local check for Russia, and if a match is found, it terminates its process.
As of this writing, all five versions of the four malicious packages have been removed from npm, but developers should be aware that existing installations and lock files created during the exposure period may still harbor the malicious releases.
The exposure period lasted approximately four hours and seven minutes, from 07:10 to 11:18 UTC on July 14.
The recommended course of action is to pin to known-good files, regenerate lock files, eliminate the hidden ‘NodeJS/sync.js’ payload, terminate all malicious processes, and rotate credentials on the affected systems.
Test every layer before attackers do. Security teams log 54% of successful attacks and only alert on 14%. The remainder navigate through your environment unnoticed.
The Picus whitepaper illustrates how breach and attack simulation tests your SIEM and EDR rules to prevent threats from evading detection.
Get the whitepaper
Source: Original article
