Inside the Miasma Software Supply Chain Attack Toolkit<br>Malware
SafeDep Team<br>• Jun 9, 2026 • 22 min read
The infamous Miasma worm goes open source. Multiple GitHub repositories named Miasma-Open-Source-Release have been appearing since yesterday. Most of them are likely published through compromised developer accounts. We have seen this before, when TeamPCP open sourced the Mini Shai-Hulud payload, which in turn likely motivated further software supply chain attacks.<br>
We managed to obtain the source code from one such repository (now yanked). As the developers of PMG, we are continuously looking to update our benchmark of attacker TTPs against which we evaluate PMG, especially its sandbox features.<br>
In this blog, we do a deep-dive analysis of the Miasma-Open-Source-Release source code obtained from one of the public GitHub repositories.<br>
TL;DR<br>
The Miasma codebase appears to be larger than a supply chain worm. It is a full supply chain attack toolkit that allows the operator to execute various attacks via stolen credentials against arbitrary or targeted packages on public registries (PyPI, npm, RubyGems), JFrog Artifactory, GitHub repositories and GitHub Actions, along with AI coding tool config poisoning, SSH-based lateral movement and other attack vectors.<br>
Some of the interesting findings from the analysis:<br>
Bypasses GitHub environment protection rules to trigger deployments.<br>
Generates valid Sigstore provenance bundles for trojanized npm packages.<br>
Three independent C2 channels using GitHub commit search, each with a different search string and crypto key.<br>
Dead-man switch that wipes the victim’s home directory if the stolen PAT is revoked.<br>
Victim PATs embedded in exfiltration commits create a self-perpetuating flywheel for future worm instances.<br>
Hijacks GitHub Actions semver tags via orphan commits with cloned author metadata.<br>
Injects into 13 AI coding tools (Claude, Gemini, Cursor, Copilot, Kiro, Cline, and others).<br>
Living off the pull request (LOTP) technique injects payload into existing project files across 12+ languages.<br>
Credential harvesting from AWS, Azure, GCP, Kubernetes, HashiCorp Vault, and password managers (1Password, Bitwarden).<br>
Dumps GitHub Actions runner memory via /proc to extract secrets not exposed as env vars.<br>
5-layer build obfuscation with per-build random keys, making each compiled payload unique.<br>
Targets npm, PyPI, and RubyGems via both stolen auth tokens (fast path) and OIDC trusted publishing (slow path).<br>
MCP-suffixed typosquatting mode for PyPI packages.<br>
GitHub as a Command and Control Infrastructure<br>
We have been tracking TeamPCP, Mini Shai-Hulud, Miasma and other related campaigns. One common observation is that attackers are moving away from custom C2 infrastructure, which requires maintenance, warming and safeguarding. Instead, they are now leveraging GitHub as a full-fledged C2 infrastructure for remote command execution, configuration and exfiltration. This is a key behavioural shift because traditional network-based detection and protection tools rely on baselining and anomaly detection. Defenders now have to operate closer to the application protocol to identify behavioural anomalies instead of network-based anomalies.<br>
High Level Architecture<br>
The repository consists of the following files:
-rw-r--r--@ 1 dev staff 45802 9 Jun 07:46 ARCHITECTURE.MD
-rw-r--r--@ 1 dev staff 80029 9 Jun 07:46 bun.lock
-rw-r--r--@ 1 dev staff 85 9 Jun 07:46 bunfig.toml
-rw-r--r--@ 1 dev staff 740 9 Jun 07:46 eslint.config.js
-rw-r--r--@ 1 dev staff 6953 9 Jun 07:46 INTEGRATION_TESTING.md
-rw-r--r--@ 1 dev staff 1036 9 Jun 07:46 LICENSE
-rw-r--r--@...
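
The shift described earlier, from network-level anomalies to application-protocol behaviour on GitHub, can be made concrete with a small detector that baselines which process calls which class of GitHub API endpoint. This is an added example, not code from this post or from the Miasma repository; the log format, process names, baseline and the contents-write rule are assumptions, and the records are constructed.

```python
import json
import re
from collections import Counter

# Constructed sample records. Assumed source: an endpoint agent or
# TLS-inspecting proxy that logs the calling process and the request path.
SAMPLE_LOG = """\
{"host":"dev-01","process":"gh","method":"GET","url_host":"api.github.com","path":"/repos/acme/app/pulls"}
{"host":"dev-01","process":"git","method":"POST","url_host":"github.com","path":"/acme/app.git/git-upload-pack"}
{"host":"ci-07","process":"node","method":"GET","url_host":"api.github.com","path":"/search/commits?q=EXAMPLE-MARKER"}
{"host":"ci-07","process":"node","method":"GET","url_host":"api.github.com","path":"/search/commits?q=EXAMPLE-MARKER"}
{"host":"dev-02","process":"gh","method":"GET","url_host":"api.github.com","path":"/search/commits?q=fix+typo"}
{"host":"ci-07","process":"node","method":"PUT","url_host":"api.github.com","path":"/repos/someuser/somerepo/contents/data.txt"}
"""

# Coarse classes of GitHub REST calls. Commit search is named in the post;
# the contents-write rule is an assumption chosen for illustration.
RULES = [
    ("commit_search", "GET", re.compile(r"^/search/commits(\?|$)")),
    ("contents_write", "PUT", re.compile(r"^/repos/[^/]+/[^/]+/contents/")),
]

# Hypothetical baseline: (process, action) pairs seen in normal operation.
BASELINE = {("gh", "commit_search")}

def classify(method, path):
    for action, verb, pattern in RULES:
        if method == verb and pattern.search(path):
            return action
    return None

def find_anomalies(log_text, baseline=BASELINE):
    """Count GitHub API actions per (host, process, action) outside the baseline."""
    hits = Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("url_host") != "api.github.com":
            continue
        action = classify(rec.get("method", ""), rec.get("path", ""))
        if action and (rec["process"], action) not in baseline:
            hits[(rec["host"], rec["process"], action)] += 1
    return dict(hits)

if __name__ == "__main__":
    for key, count in sorted(find_anomalies(SAMPLE_LOG).items()):
        print(key, count)
```

At the network layer every record here is TLS traffic to GitHub; only the process and endpoint pair separates `ci-07` from ordinary developer activity.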