# Miasma (worm)

> **TL;DR.** Miasma is a self-propagating supply-chain worm that steals developer credentials and cloud secrets by hijacking npm packages, PyPI packages, and GitHub repository configuration files.

- **Category:** Security / Supply Chain / AI Developer Tools
- **Stage:** emergent
- **Age:** 9 days
- **Origin date:** 2026-06-01
- **First detected:** 2026-06-09
- **Canonical URL:** https://earlyterms.com/term/miasma
- **Sources:** 8 primary URLs

## Definition

Miasma is a self-propagating supply-chain worm that steals developer credentials and cloud secrets by hijacking npm packages, PyPI packages, and GitHub repository configuration files. Built on the publicly released [Mini Shai-Hulud](https://www.akamai.com/blog/security-research/mini-shai-hulud-worm-returns-goes-public) codebase open-sourced by threat group TeamPCP on May 12, 2026, Miasma adds new attack vectors targeting AI coding agents.

The campaign opened June 1, 2026, compromising 32 [@redhat-cloud-services npm packages](https://snyk.io/blog/miasma-supply-chain-attack-malicious-code-redhat-cloud-services-npm-packages/) (80,000 weekly downloads) via hijacked CI/CD credentials. A June 3 wave introduced "Phantom Gyp" to evade install-hook scanners. By June 5, GitHub disabled 73 Microsoft repositories — including the Azure Functions GitHub Action — after Miasma planted configuration hooks that fire when a developer opens the repo in Claude Code, Gemini CLI, Cursor, or VS Code.

## Example

On June 5, 2026, a malicious commit to Azure/durabletask planted five files: `.claude/settings.json` hooking Claude Code's SessionStart, `.gemini/settings.json` for Gemini CLI, `.cursor/rules/setup.mdc` using prompt injection, `.vscode/tasks.json` triggering on folder open, and `.github/setup.js` — a 4.6 MB obfuscated JavaScript payload that harvests AWS, Azure, GCP, Kubernetes, and 90+ developer tool credentials before self-propagating to any accessible repository.
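A defender can check a fresh clone for these five paths before opening it in any editor or agent. The following is an added example, not code from the cited reports or from any vendor: `audit_checkout`, `load_json`, `runs_on_folder_open` and the `LARGE_JS_BYTES` threshold are hypothetical names and values chosen here. It assumes the usual layouts of Claude Code settings (a `hooks` object keyed by event name) and VS Code tasks (`runOptions.runOn`).

```python
import json
import sys
from pathlib import Path

# Paths the page lists as planted by the June 5 commit.
AGENT_PATHS = (
    ".claude/settings.json", ".gemini/settings.json", ".cursor/rules/setup.mdc",
    ".vscode/tasks.json", ".github/setup.js",
)
LARGE_JS_BYTES = 1_000_000  # assumed review threshold, not a value from the page

def load_json(path):
    """Return the file's top-level JSON object, or {} if it is not plain JSON
    (for example a tasks.json that contains comments)."""
    try:
        data = json.loads(path.read_text(encoding="utf-8", errors="replace"))
    except ValueError:
        return {}
    return data if isinstance(data, dict) else {}

def runs_on_folder_open(task):
    """True if a VS Code task declares runOptions.runOn == "folderOpen"."""
    opts = task.get("runOptions") if isinstance(task, dict) else None
    return isinstance(opts, dict) and opts.get("runOn") == "folderOpen"

def audit_checkout(root):
    """Return (path, reason) findings for a cloned repo; nothing is executed."""
    findings = []
    for rel in AGENT_PATHS:
        path = Path(root) / rel
        if not path.is_file():
            continue
        # Presence alone is reported, so unparsable files are never skipped.
        reason = "present: review before opening the repo in an editor or agent"
        doc = load_json(path) if path.suffix == ".json" else {}
        hooks, tasks = doc.get("hooks"), doc.get("tasks")
        if rel.startswith(".claude/") and isinstance(hooks, dict):
            if "SessionStart" in hooks:
                reason = "defines a SessionStart hook"
        elif rel.startswith(".vscode/") and isinstance(tasks, list):
            if any(runs_on_folder_open(t) for t in tasks):
                reason = "task runs automatically on folder open"
        elif rel.endswith(".js") and path.stat().st_size > LARGE_JS_BYTES:
            reason = f"JavaScript file of {path.stat().st_size} bytes"
        findings.append((rel, reason))
    return findings

if __name__ == "__main__":
    for rel, reason in audit_checkout(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{rel}: {reason}")
```

Run it against a clone made from a terminal, before the folder is opened in an IDE or agent session. Many legitimate repositories ship some of these files, so a finding is a prompt to read the file, not a verdict.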

## Analogy

Think of it as a hotel door-propping attack: one compromised key card lets the worm walk into every room on the floor.

## Why it's emerging now

Miasma is the first worm to weaponize AI coding agent config files for persistence. Its June 1–5 waves hit Red Hat (32 npm packages) then Microsoft (73 GitHub repos including Azure Functions Action). With Mini Shai-Hulud open-sourced May 12, any threat actor can now clone and deploy this capability.

## Related terms

- *parent:* supply chain attack
- *parent:* Mini Shai-Hulud
- *child:* Phantom Gyp
- *related:* agent-traps
- *related:* claude-code
- *related:* coding-agents
- *related:* agentic-coding
- *related:* agents-md
- *related:* protestware
- *related:* stop-hook
- *related:* webhook-secrets
- *related:* npmx

## Sources

1. [Snyk: Miasma supply chain attack — malicious code in RedHat-cloud-services npm (Jun 1, 2026)](https://snyk.io/blog/miasma-supply-chain-attack-malicious-code-redhat-cloud-services-npm-packages/)
2. [StepSecurity: Miasma Worm Hits Microsoft — Azure Functions Action and 72 Other Repos Disabled (Jun 8, 2026)](https://www.stepsecurity.io/blog/miasma-worm-hits-microsoft-again-azure-functions-action-and-72-other-repositories-disabled-after-supply-chain-attack-targeting-ai-coding-agents)
3. [StepSecurity: Miasma npm Supply Chain Attack — Phantom Gyp self-spreading worm (Jun 4, 2026)](https://www.stepsecurity.io/blog/binding-gyp-npm-supply-chain-attack-spreads-like-worm)
4. [SafeDep: Miasma Worm Targets AI Coding Agents via GitHub Repo Config Injection (Jun 5, 2026)](https://safedep.io/miasma-worm-ai-coding-agent-config-injection/)
5. [Microsoft Security Blog: Preinstall to Persistence — Inside the Red Hat npm Miasma Campaign (Jun 2, 2026)](https://www.microsoft.com/en-us/security/blog/2026/06/02/preinstall-persistence-inside-red-hat-npm-miasma-credential-stealing-campaign/)
6. [Wiz Research: Miasma Supply Chain Attack Targeting RedHat npm Packages (Jun 2, 2026)](https://www.wiz.io/blog/miasma-supply-chain-attack-targeting-redhat-npm-packages)
7. [Snyk Vulnerability DB: SNYK-JS-REDHATCLOUDSERVICESHCCFEOMCP-17117403 — Critical 9.3 CVSS (Jun 1, 2026)](https://security.snyk.io/vuln/SNYK-JS-REDHATCLOUDSERVICESHCCFEOMCP-17117403)
8. [SafeDep Threat Intelligence: Miasma — The Spreading Blight campaign tracker (ongoing)](https://safedep.io/ti/campaigns/miasma-the-spreading-blight/)

