600,000 Monthly Downloads Affected: Miasma Supply Chain Attack Is Back on npm
The multi-stage dropper “Miasma” is back on npm. This Shai-Hulud variant hits @vapi-ai/server-sdk, ai-sdk-ollama and dozens of other packages
Overview
Edit: Another wave of infected packages carrying a weaponized binding.gyp has hit npm. We are tracking it and expect more infections to follow.
Thanks to Kirk from Derp.ca for helping us out on this.
Package Name (npm): Affected Versions
discord-search: 0.1.2
create-cf-token: 1.1.3
@forjacms/analytics: 1.8.4
@forjacms/client: 1.8.4
@forjacms/sections: 1.8.4
@forjacms/sections-react: 1.8.4
dbmux: 2.2.4
creditcard.js: 3.0.60
github-archiver: 1.5.5
@contaazul/n8n-nodes-contaazul: 0.3.26
ORIGINAL POST:
The infostealer we already covered in “New Shai-Hulud hits npm: @redhat-cloud-services Compromised” and in “Six Stages Deep and an Endless Loop: Shai-Hulud Is Getting Sophisticated” is back on npm. This time it bypasses the “postinstall” execution path entirely: instead of a lifecycle script in package.json, the package ships a preconfigured binding.gyp. npm hands that file to node-gyp during installation (node-gyp rebuild is npm's implicit install script whenever a package contains a binding.gyp and declares no install or preinstall script of its own), so commands embedded in the file run at install time with the same effect a postinstall script would have.
As we have already discussed, the malware steals GitHub tokens, npm tokens, AWS, GCP and Azure cloud credentials, and local environment information.
The string “Miasma – The Spreading Blight” is the malware's signature in the infected GitHub repositories it uses for exfiltration. The first infection occurred on 4 Jun 2026 02:46:12 +0800, in the same infected GitHub account (windy629) we reported in the “Six Stages Deep” analysis.
Who is affected
Anyone who installed one of the affected versions listed below, directly or as a transitive dependency.
Impact
Total affected packages – 57
Total accumulated weekly downloads – 152,376
Total accumulated monthly downloads – 647,204
Over 118 repositories in GitHub with stolen credentials.
Recommended Actions
Rotate every credential that was present on a machine that installed an affected version (GitHub and npm tokens, AWS, GCP and Azure credentials) and enable 2FA on the affected accounts.
Pin or downgrade the affected packages to a known-good version and check your lockfile, since the malicious versions may be pulled in transitively. Installing with --ignore-scripts (or ignore-scripts=true in .npmrc) also suppresses the implicit node-gyp rebuild that a binding.gyp triggers, because that rebuild is itself an install lifecycle script; the trade-off is that packages which legitimately need a native build will no longer compile.
Infection Analysis
We found over 118 infected repositories in GitHub containing stolen credentials; you can follow the infection as it spreads at this link.
Searching GitHub for infected repositories shows that the first commit containing the “Miasma – The Spreading Blight” string appeared on 4 June 2026.
Technical Analysis
Flow charts from our previous analysis were updated for this variant:
From a technical point of view, only two things separate this variant from past ones:
The “binding.gyp” file now takes the place of the lifecycle script. npm runs node-gyp rebuild as the implicit install script when a package ships a binding.gyp, so the dropper executes during install without any preinstall or postinstall entry in package.json.
The GitHub repository marker string is now “Miasma – The Spreading Blight”, where earlier variations used
“Miasma: The Spreading Blight”
“Miasma : The Spreading Blight”
It is also worth mentioning that the stage 5 dropper logic is currently not weaponized, but the code still contains the same logic that searches for a commit message containing “firedalazer”.
The same public keys used in the previous attack are present in this code as well, which tells us this is indeed the same threat actor as in the Red Hat compromise from a few days ago.
For a complete technical analysis of the variants, you can refer to these blogs
Conclusions
“Miasma – The Spreading Blight” is a case of TeamPCP copycats using modified Shai-Hulud code, after the group published its code openly three weeks ago.
After the recent blast of supply chain attacks using postinstall scripts, there is public pressure to change how postinstall logic works, whether by blocking it in certain ways, removing it, or limiting it to more specific use cases. What we are seeing now is that threat actors are learning and adapting even faster, finding other ways to obtain “postinstall”-equivalent execution. It shows they are well aware of how defenders currently inspect npm packages and how malware detection engines work: a check that only looks at the scripts block of package.json does not see a package whose install-time code lives in binding.gyp.
Affected Packages
Package name: Affected versions
@evolvconsulting/evolv-coder-lite: 1.2.0
@jagreehal/workflow: 1.16.1
@vapi-ai/server-sdk: 0.11.1, 0.11.2, 1.2.1, 1.2.2
ai-sdk-ollama: 0.13.1, 1.1.1, 2.2.1, 3.8.5
autotel: 2.26.4, 3.4.3
autotel-adapters: 0.3.5
autotel-audit: 0.1.15
autotel-aws: 0.13.10
autotel-backends: 2.12.26
autotel-cli: 0.8.14
autotel-cloudflare: 2.18.16
autotel-devtools: 0.1.1, 1.0.4, 2.1.1, 3.0.2, 4.0.1, 5.1.1, 6.1.2
autotel-drizzle: 0.0.27
autotel-edge: 3.16.13
autotel-eventcatalog: 1.0.1, 2.0.1, 3.0.1, 4.0.2, 5.0.1
autotel-hono: 0.4.26
autotel-mcp: 0.1.14, 2.0.1, 3.0.1, 4.0.1, 5.0.1, 6.0.1, 7.0.1, 8.0.1, 9.0.1, 10.0.1, 11.0.1, 13.0.1, 14.0.1, 15.0.2, 16.0.1, 17.0.2, 18.0.1, 19.0.1, 20.0.1, 21.1.1, 22.0.1, 23.0.1, 24.0.1, 25.0.1, 26.0.2, 27.0.1, 28.0.3
autotel-mcp-instrumentation: 29.0.2, 30.0.5, 31.0.1, 32.0.1, 33.0.2, 34.0.1
autotel-mongoose: 0.0.3, 1.0.2, 2.0.5, 3.0.1, 4.0.1, 5.0.2, 6.0.1
autotel-pact: 0.2.2, 1.0.3
autotel-playwright: 0.4.32
autotel-plugins: 0.19.26
autotel-sentry: 0.5.13
autotel-subscribers: 4.1.1, 5.0.1, 6.0.1, 7.0.1, 8.0.1, 9.0.1, 10.0.1, 11.0.1, 12.0.1, 13.0.1, 14.1.1, 15.0.1, 16.0.2, 17.0.1, 18.0.3, 19.0.1, 20.0.1, 21.0.1, 22.0.2, 23.0.2, 24.0.1, 25.0.1, 26.0.1, 27.0.2, 28.0.2, 29.0.6, 30.0.4, 31.1.4
autotel-tanstack: 1.13.27
autotel-terminal: 2.1.1, 3.0.1, 4.0.2, 5.0.1, 6.0.3, 7.0.1, 8.0.1, 9.0.1, 10.0.2, 11.0.1, 12.0.1, 13.0.1, 14.0.1, 15.0.2, 16.0.2, 17.0.10, 18.0.4, 19.0.8, 20.0.2, 21.0.1, 22.0.2, 23.0.3
autotel-vitest: 0.4.26
autotel-web: 1.12.2
awaitly: 1.33.3
awaitly-analyze: 0.24.2, 1.1.1, 2.0.1, 3.0.1, 4.0.1, 5.0.1, 6.0.1, 7.0.1, 8.0.1
awaitly-libsql: 0.1.1, 1.0.1, 2.0.1, 3.0.1, 4.0.1, 5.0.1, 6.0.1, 7.0.1, 8.0.1, 9.0.1, 10.0.1, 11.0.1, 12.0.1, 13.0.1, 14.0.1, 15.0.1, 16.0.1, 17.0.1, 18.1.1, 19.0.1, 20.0.1, 21.0.1, 22.0.1
awaitly-mongo: 0.1.1, 1.0.1, 2.0.1, 3.0.1, 4.0.1, 5.0.1, 6.0.1, 7.0.1, 8.0.1, 9.1.1, 10.0.1, 11.0.1, 12.0.1, 13.0.1, 14.0.1, 15.0.1, 16.0.1, 17.0.1, 18.0.1, 19.1.1, 20.0.1, 21.0.1, 22.0.1, 23.0.1
awaitly-postgres: 0.1.1, 1.0.1, 2.0.1, 3.0.2, 4.0.1, 5.0.1, 6.0.1, 7.0.1, 8.0.1, 9.0.1, 10.0.1, 11.0.1, 12.0.1, 13.0.1, 14.0.1, 15.0.1, 16.0.1, 17.0.1, 18.0.1, 19.1.1, 20.0.1, 21.0.1, 22.0.1, 23.0.1
awaitly-visualizer: 1.0.1, 2.0.2, 3.0.1, 4.0.1, 5.0.1, 6.0.1, 7.0.1, 8.0.1, 9.0.1, 10.0.1, 11.0.1, 12.0.1, 13.0.1, 14.0.1, 15.0.1, 16.0.1, 17.0.1, 18.1.1, 19.0.1, 20.0.2, 21.0.1, 22.0.2
effect-analyzer: 0.3.1
eslint-plugin-awaitly: 0.17.1, 1.0.1
eslint-plugin-executable-stories-jest: 1.2.1, 2.1.8
eslint-plugin-executable-stories-playwright: 1.2.1, 2.1.8
eslint-plugin-executable-stories-vitest: 1.2.1, 2.1.8
executable-stories-cypress: 3.1.1, 4.0.1, 5.0.1, 6.1.1, 7.0.3, 8.3.2
executable-stories-demo: 0.1.11
executable-stories-formatters: 0.11.2
executable-stories-init: 0.1.2
executable-stories-jest: 3.1.1, 4.0.1, 5.0.1, 6.1.1, 7.0.3, 8.3.2
executable-stories-mcp: 0.3.3
executable-stories-playwright: 3.1.1, 4.0.1, 5.0.1, 6.1.1, 7.0.3, 8.4.3
executable-stories-react: 0.1.7
executable-stories-vitest: 2.0.1, 3.1.1, 4.0.1, 5.0.1, 6.1.1, 7.0.3, 8.3.3
http-uploader-dev: 1.0.7
mountly: 0.2.2
mountly-tailwind: 0.1.3
node-env-resolver: 6.5.1
node-env-resolver-aws: 9.1.2, 10.0.1, 11.0.1, 12.0.1
node-env-resolver-dotenvx: 1.0.1, 2.0.1
node-env-resolver-nextjs: 7.4.2
node-env-resolver-vite: 2.4.2
wrangler-deploy: 1.5.5
The post 600,000 Monthly Downloads Affected: Miasma Supply Chain Attack Is Back on npm appeared first on OX Security.