Five malicious AsyncAPI packages were pushed to npm in a supply‑chain breach that delivered a remote‑access trojan capable of stealing credentials. The attack exploited a misconfigured GitHub Actions workflow to masquerade as a trusted publisher.
Key Takeaways
- Five malicious npm packages were released under the @asyncapi namespace
- Combined weekly downloads exceeded 2.25 million, giving the trojan wide reach
- The payload is designed to harvest credentials, tokens, and other sensitive data
On July 14, 2026, security researchers uncovered that two AsyncAPI GitHub repositories had been compromised and malicious code injected into their source files. The compromised code was published as five distinct npm packages, some of which were downloaded more than 100 k times per week, and together accounted for over 2.25 million weekly installations.
How the Attack Bypassed Trust Mechanisms
The threat actor abused a misconfigured GitHub Actions workflow. By committing under a placeholder Git identity, the attacker let the repository’s genuine release workflow publish the packages via npm’s GitHub OIDC trusted‑publisher integration. This ensured that each package carried valid SLSA provenance attestations, convincing CI/CD pipelines and dependency scanners that the artifacts were legitimate.
Layered Malware Architecture
The first stage consists of an obfuscated JavaScript snippet that, when the infected module is imported, triggers a downloader. The second stage fetches a script from the IPFS peer‑to‑peer network and runs it as a hidden process. The third stage is a 92,000‑line modular framework that establishes persistence and communicates with a command‑and‑control server over multiple channels—including HTTP, Nostr relays, Ethereum smart contracts, and a libp2p mesh network.
Intended Theft and Potential Impact
The malware’s primary goal is to exfiltrate a wide range of secrets: cloud credentials, authentication tokens, browser data, CI/CD system logs, AI developer‑tool keys, cryptocurrency wallets, and database dumps. It attempts to download tools such as Gitleaks and HackBrowserData to automate data collection, although some reports note that these tools fail to execute in the current campaign.
Mitigation Steps and Recommendations
All five malicious versions have been removed from npm, but developers must assume that any installations made during the four‑hour exposure window (07:10–11:18 UTC, July 14) may still be present in lock files or local caches. Recommended actions include pinning dependencies to known‑good versions, regenerating lock files, deleting the hidden NodeJS/sync.js payload, terminating any suspicious processes, and rotating all compromised credentials.