Multiple @asyncapi npm packages were compromised in a software supply-chain attack that inserted a multi-stage malware loader into widely used developer tooling with roughly 2 million weekly downloads. Reports identified malicious versions including @asyncapi/generator-helpers@1.1.1, @asyncapi/generator-components@0.7.1, @asyncapi/generator@3.3.1, and additional trojanized packages in the namespace, with one analysis counting five affected packages. The injected code was hidden in src/utils.js and triggered during normal require() or import execution rather than npm lifecycle hooks, spawning a detached Node.js child process that fetched an encrypted second-stage payload from IPFS and wrote it to disk as sync.js in user-specific directories across macOS, Linux, and Windows.
Researchers said the second stage was a Miasma variant or related botnet framework that established persistence, beaconed to 85.137.53.71:8080, and enabled remote shell access for arbitrary command execution. Analyses also described broader built-in capabilities for file operations, credential harvesting, evasion, propagation, mutation, and destructive actions, though some of those functions were reportedly disabled in the observed build. Security firms warned that developer workstations and CI environments using the affected packages may have been exposed, advised avoiding the malicious versions, upgrading once clean releases are available, inspecting systems for compromise, and rotating potentially exposed credentials; one report added that @asyncapi/specs@6.11.2-alpha.1 remained directly downloadable even after removal from registry metadata.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
6 events from the most recent confirmed update back to the earliest known activity.
OX Security reported that the AsyncAPI malware was embedded directly in affected packages' main JavaScript files and used a primary C2 server at 85.137.53.71 with IPFS and BitTorrent fallback channels. The report also said the payload attempted self-propagation via stolen npm, PyPI, or Cargo tokens and included anti-analysis checks, while suggesting Miasma references were likely false-flag misdirection.
Upwind disclosed that the AsyncAPI supply-chain attack involved breaches of multiple repositories and publishing pipelines, including at least two GitHub repositories and a second independent repository. The report said attackers targeted different release branches and abused different OpenID Connect publishing identities to push backdoored packages through official channels.
Researchers noted that @asyncapi/specs@6.11.2-alpha.1 was still directly downloadable as a tarball even after removal from npm registry metadata. This indicated at least one malicious artifact remained accessible despite mitigation steps.
Security researchers publicly reported that the AsyncAPI npm organization had been compromised in a supply-chain attack affecting widely used developer-tooling packages. The disclosures described the malware as a Miasma or Shai-Hulud Miasma evolution and warned of risks including remote shell access, persistence, credential exposure, and follow-on compromise.
Malicious versions of multiple @asyncapi packages were published to npm, including versions identified across the reports such as @asyncapi/generator-helpers 1.1.1, @asyncapi/generator-components 0.7.1, @asyncapi/generator 3.3.1, and additional trojanized packages noted by other researchers. The packages contained a multi-stage downloader that fetched a second-stage Miasma variant from IPFS and executed it during normal module import.
Aikido reported that the AsyncAPI npm compromise allegedly began when an attacker exploited a pull_request_target GitHub Actions workflow issue in the asyncapi/generator repository to steal an npm publish token. The report said this access was then used to publish trojanized AsyncAPI packages to npm.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
14 references tracked. Mallory keeps watching after this page renders.
securityaffairs.com
Open sourcethehackernews.com
Open sourceupwind.io
Open sourcehackread.com
Open sourceaikido.dev
Open sourceaikido.dev
Open sourcesocket.dev
Open sourcestepsecurity.io
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.