Security researchers from several companies have recorded a new wave of supply chain attacks linked to the Mini Shai-Hulud, Miasma, and Hades malware families. At least 23 npm packages in the LeoPlatform and RStreams ecosystems, as well as a Go module from the Verana Blockchain project, have been compromised. The campaign aims to steal credentials of developers and maintainers and then propagate further via package registries, GitHub repositories, and CI/CD pipelines. Organizations using these packages in cloud and serverless workloads must immediately audit dependency versions and rotate all potentially compromised tokens.
Affected packages and scope of compromise
According to Socket data, the new attack wave impacts the following npm packages with specific trojanized versions:
- [email protected], [email protected]
- [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
- [email protected], [email protected], [email protected], [email protected], [email protected]
- [email protected], [email protected], [email protected], [email protected]
- [email protected], [email protected], [email protected]
- [email protected], [email protected], [email protected]
- Go module: github.com/verana-labs/[email protected]
As StepSecurity reports, the attackers are believed to have compromised the npm account of a LeoPlatform maintainer and used its token to publish the trojanized versions within a six-second window — indicating a high degree of automation.
Technical anatomy of the attack
The malicious npm packages use an unconventional approach to code execution at install time. Instead of the typical lifecycle hooks in package.json, they leverage the binding.gyp file — the build mechanism for native Node.js modules, which can run arbitrary code during package installation. This technique helps evade static analysis tools that focus on inspecting the scripts section in package.json.
The infection chain looks as follows:
- binding.gyp launches a JavaScript loader when the package is installed
- The loader checks for the presence of the Bun runtime and installs it if missing
- The main payload is executed — a stealer that collects secrets, credentials, and tokens
- The malware injects a GitHub Actions workflow named “Run Copilot”, which extracts CI/CD environment secrets from the runner’s memory
- The collected data is encrypted and exfiltrated to public GitHub repositories
According to researchers, the malware includes a kill switch for systems with a Russian locale and checks for endpoint protection tools before executing the main payload.
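The binding.gyp trick described above is detectable on disk: a genuine native addon lists C/C++ sources, whereas an install-time loader ships a binding.gyp with no compiled sources and an action that invokes an interpreter. The following Python scanner is an added example, not code from the article or any of the cited vendors; the package names, the two binding.gyp contents and the node/loader.js action are constructed for the demo, and the JSON/ast fallback reflects that binding.gyp is written in a Python-literal dialect of JSON.

```python
import ast
import json
import re
import tempfile
from pathlib import Path

NATIVE_EXTS = (".c", ".cc", ".cpp", ".cxx", ".mm")          # real addon sources
SCRIPT_RUNNERS = re.compile(r"\b(node|bun|npx|bash|sh)\b|\.(m?js|cjs|ts)\b")

def load_gyp(path):
    """binding.gyp may use single quotes, trailing commas or comments: fall back to ast."""
    text = Path(path).read_text(encoding="utf-8")
    try:
        return json.loads(text)
    except ValueError:
        return ast.literal_eval(text)

def classify_gyp(path):
    """Reasons this binding.gyp looks like a loader, not a native build; [] if clean."""
    data = load_gyp(path)
    targets = data.get("targets", [])
    reasons = []
    sources = [s for t in targets for s in t.get("sources", [])]
    if not any(s.endswith(NATIVE_EXTS) for s in sources):
        reasons.append("no C/C++ sources in any target")
    for t in targets:
        for act in t.get("actions", []):
            cmd = " ".join(map(str, act.get("action", [])))
            if SCRIPT_RUNNERS.search(cmd):
                reasons.append(f"action runs a script at build time: {cmd}")
    return reasons

def scan_node_modules(root):
    # Map package path -> reasons, for every package under root that ships binding.gyp
    root = Path(root)
    return {str(g.parent.relative_to(root)): r
            for g in root.rglob("binding.gyp") if (r := classify_gyp(g))}

# Constructed sample tree: one genuine addon and one loader-style package.
LEGIT_GYP = "{'targets': [{'target_name': 'addon', 'sources': ['src/addon.cc']}]}"
LOADER_GYP = json.dumps({"targets": [{"target_name": "setup", "type": "none",
    "actions": [{"action_name": "run", "inputs": [], "outputs": ["x"],
                 "action": ["node", "loader.js"]}]}]})

def demo():
    """Build the sample tree in a temp dir and return the scan findings."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, gyp in (("good-addon", LEGIT_GYP), ("evil-pkg", LOADER_GYP)):
            d = Path(tmp, "node_modules", name); d.mkdir(parents=True)
            (d / "binding.gyp").write_text(gyp)
        return scan_node_modules(Path(tmp, "node_modules"))
```

Run scan_node_modules against a real node_modules tree to get the same report; any package listed that is not a known native addon deserves a manual look at its binding.gyp and the script it invokes.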
Indicators of compromise
Researchers have identified several characteristic string markers used in the campaign:
- “Alright Lets See If This Works” — description of GitHub repositories used as drop points for stolen data. At the time of publication, 559 repositories matched this description
- “RevokeAndItGoesKaboom” — the current token relay marker, which replaced the previously used “IfYouInvalidateThisTokenItWillNukeTheComputerOfTheOwner”
- “firedalazer” — a string in GitHub commits that the malware polls the platform for every hour to fetch and execute the Hades variant
Connection to the codfish/semantic-release-action compromise
The “RevokeAndItGoesKaboom” marker links this campaign to the recent compromise of the codfish/semantic-release-action GitHub Action. According to a StepSecurity report, on June 24, 2026 at 15:39:06 UTC an attacker performed a force-push of a malicious commit and retargeted several version tags to that commit. All workflows that used the compromised tags after that time executed the attacker’s payload directly on the GitHub Actions runner.
In this case, researchers state that the payload stole GitHub OIDC tokens, collected personal access tokens (PATs), encrypted the material using AES-128-GCM, and attempted to propagate the backdoor to other accessible repositories. The use of shared markers indicates that all of these incidents belong to a single operational cluster or a shared tooling base.
Expansion to the Go ecosystem
The compromise of the Verana Blockchain Go module marks an expansion of the campaign beyond npm. However, as Socket notes, this sample does not use binding.gyp and does not rely on Go’s module resolution or build mechanisms. Instead, the threat is realized through code execution in the context of the source repository: a developer who clones or opens the repository in a trusted IDE or AI coding assistant may inadvertently trigger the malicious payload via project configuration.
This represents a fundamental shift in tactics: Miasma moves between package ecosystems, targeting developer workflows rather than only package manager install hooks.
Impact assessment
As JFrog notes, the Leo/RStreams package set is associated with cloud and serverless workloads. Compromise of these packages potentially affects:
- Developer workstations
- CI/CD systems and deployment pipelines
- AWS-based applications
- GitHub repositories and credentials used for publishing packages
- Downstream consumers of the compromised packages
The key danger of the campaign lies not in a radically novel payload, but in Shai-Hulud’s ability to systematically move between legitimate package ecosystems, changing indicators just enough to render outdated detections ineffective.
Response recommendations
- Immediate dependency review: compare the versions of all listed packages in use against the compromised versions. Use npm ls (npm) or go list -m all (Go) for inventory
- Secret rotation: if compromised versions are found, rotate all npm tokens, GitHub PATs, OIDC tokens, AWS keys, and any other secrets accessible from affected environments
- GitHub Actions audit: review workflows for the presence of a workflow named “Run Copilot” or references to codfish/semantic-release-action. Pin all Actions you use to specific commit hashes instead of version tags
- IOC search: scan logs for the strings “Alright Lets See If This Works”, “RevokeAndItGoesKaboom”, and “firedalazer” in network traffic and repository configurations
- binding.gyp monitoring: configure alerts in dependency analysis tools for the appearance of binding.gyp files in packages that are not native modules
- IDE environment checks: when working with cloned repositories from untrusted sources, disable automatic execution of project configuration scripts in IDEs and AI assistants
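The GitHub Actions audit and IOC search recommended above can be scripted against a local checkout. This Python audit is an added example and not part of the article: it flags a workflow named "Run Copilot", any use of codfish/semantic-release-action, any action not pinned to a full 40-hex commit SHA, and the three campaign strings in any text file. The sample workflow, the file names and the placeholder SHA are constructed; the marker strings and the action name are the ones reported above.

```python
import re
import tempfile
from pathlib import Path

IOC_STRINGS = ("Alright Lets See If This Works", "RevokeAndItGoesKaboom", "firedalazer")
SUSPECT_NAME = "Run Copilot"
SUSPECT_ACTION = "codfish/semantic-release-action"
# Matches `uses: owner/repo[/path]@ref`; group 1 = owner/repo, group 2 = ref
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([\w.-]+/[\w.-]+)(?:/[^@\s]+)?@(\S+)", re.M)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")

def audit_workflow_text(text):
    """Findings for one workflow file: suspect name, suspect action, unpinned refs."""
    findings = []
    if re.search(rf"^\s*name:\s*['\"]?{re.escape(SUSPECT_NAME)}", text, re.M):
        findings.append(f"workflow named '{SUSPECT_NAME}'")
    for action, ref in USES_RE.findall(text):
        if action.lower() == SUSPECT_ACTION:
            findings.append(f"references {SUSPECT_ACTION}@{ref}")
        if not SHA_RE.match(ref):
            findings.append(f"{action} pinned to mutable ref '{ref}', not a commit SHA")
    return findings

def audit_repo(root):
    """Walk a checkout: IOC strings in every text file, workflow rules on workflows."""
    root, report = Path(root), {}
    for p in (q for q in root.rglob("*") if q.is_file()):
        text = p.read_text(encoding="utf-8", errors="ignore")
        found = [s for s in IOC_STRINGS if s in text]
        if p.suffix in (".yml", ".yaml") and ".github/workflows/" in p.as_posix():
            found += audit_workflow_text(text)
        if found:
            report[p.relative_to(root).as_posix()] = found
    return report

# Constructed sample: suspect workflow name, suspect action on a tag, one SHA-pinned step.
SAMPLE_WF = """name: Run Copilot
jobs:
  build:
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: codfish/semantic-release-action@v3
"""

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        wf = Path(tmp, ".github", "workflows"); wf.mkdir(parents=True)
        (wf / "release.yml").write_text(SAMPLE_WF)
        Path(tmp, "notes.txt").write_text("seen: RevokeAndItGoesKaboom\n")
        return audit_repo(tmp)
```

Point audit_repo at a real repository root to produce the same per-file report; the unpinned-ref rule is deliberately strict, so expect it to list every tag-pinned action, not just the compromised one.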
The Shai-Hulud/Miasma campaign demonstrates a resilient model of a self-propagating supply chain attack, where each compromised developer account becomes a vector for infecting new ecosystems. The top priority for teams using LeoPlatform, RStreams, or Verana Blockchain packages is the immediate pinning of dependency versions, rotation of all secrets from potentially affected CI/CD environments, and migration to pinning GitHub Actions by commit hash instead of mutable tags.