Threat Report Summary
On 14 July 2026, a coordinated supply‑chain attack exploited a vulnerability in the AsyncAPI generator repository’s pull_request_target workflow. The attacker used the flaw to extract a high‑privilege Personal Access Token (PAT) and subsequently released five malicious NPM packages under the @asyncapi namespace. These packages, which pass through over three million weekly downloads, contain a multi‑stage payload that establishes persistence, steals credentials, and communicates with a complex command‑and‑control (C&C) network.
Attack Vector
The core of the attack was a “pwn request” vulnerability in GitHub Actions. The workflow used pull_request_target to trigger on PRs but then checked out code from the PR itself and executed it in the base repository’s context, thereby granting untrusted code full access to secrets stored by the repository.
Although the issue was identified on 29 April and a fix proposed on 17 May, the patch remained open until the attacker struck. At 05:08 UTC, PR #2155 uploaded a markdown file containing ~1,000 invisible bytes followed by obfuscated JavaScript that enumerated environment variables, extracted the PAT, and sent it to a dead‑drop at rentry[.]co/elzotebo.
Malicious Packages
The stolen PAT was used to commit directly to the next branch at 06:58 UTC. The release workflow published three compromised packages at 07:10 UTC. The attacker then pushed additional malicious commits to the asyncapi/spec-json-schemas repository between 07:51 and 08:28 UTC, releasing two more versions.
The five vulnerable packages are:
- @asyncapi/generator 3.3.1
- @asyncapi/generator-helpers 1.1.1
- @asyncapi/generator-components 0.7.1
- @asyncapi/specs 6.11.2
- @asyncapi/specs 6.11.2-alpha.1
Payload Architecture
The infection chain is staged:
- Stage 1 – Import Hook. On
require(), a detached child process downloads Stage 2 from IPFS and places it in a platform‑specific directory (~/.local/share/NodeJS/sync.json Linux,~/Library/Application Support/NodeJS/sync.json macOS, %LOCALAPPDATA%\NodeJS\sync.js on Windows). - Stage 2 – Encrypted Bundle. An 8.25 MB encrypted payload is fetched from IPFS (IPFS hash) containing configuration data and the main runtime.
- Stage 3 – Full‑Featured Malware. A 92,000‑line framework establishes persistence via
systemduser services on Linux (service namemiasma-monitor.service) and communicates with C&C over HTTP, Nostr relays, Ethereum smart contracts (fallback contract), and a libp2p mesh. It includes classic Trojan capabilities: directory listing, file retrieval, remote command execution, credential theft from browsers (Chrome, Brave, Firefox, Edge), SSH keys, NPM/GitHub tokens, AWS credentials, macOS Keychain entries, and cryptocurrency wallets.
Indicators of Compromise
Wiz’s automated detection flagged the following hashes as malicious:
- 22bf76fe317ea6769bd38619bd440e42d119bd6b –
validator.js(generator) - a7e18d96efd3cdb127ef4cdcad9e3ad26c482bf2 –
utils.js(generator-helpers) - 9890950adcbc2478e7a080234f053214adbad44e –
ErrorHandling.js(generator-components) - c70e105e212ff3c1daa04bb2a62507717f296b0b –
index.js(specs) - c8cb3f6d5b90c46686d2bf531dc1a5786e27edc5 –
sync.js(Stage 2)
Additional IOCs:
- IP 85[.]137[.]53[.]71 – C&C server (ports 8080/8081)
- Ethereum addresses: 0x12c37A86a0Ed0beBe5d1d6a43E42f07860eAc710, 0x1969ab05d67b67fdcaa26240f738ccb077e1cd84, 0x92d4C5413e4F7B258a114964101F9e1C6d64C6Ba
- IPFS hashes: QmQobZSp1wRPrpSEQ56qnyq7ecZh5Bg5k1fnjt4SUwwHb9, Qmet4fhsAaWMBUxNDfREHwgiyDeSWy4YSYs9wiKUW5jGyf
- Service: miasma-monitor.service (systemd persistence)
Recommended Actions for Security Teams
- Immediate Investigation. Verify that no unapproved PRs have been merged in your repositories, especially those using the
pull_request_targetevent. Audit Workstations & CI/CD Pipelines. Scan all developer machines and build nodes for installed packages matching any of the five affected versions. Replace them with vetted alternatives or remove them entirely.
Rotate Secrets. Revoke and regenerate all GitHub PATs, SSH keys, cloud provider credentials, and CI/CD secrets that could have been exposed by the compromised token.
Deploy Supply‑Chain Defenses. Implement dependency allowlisting, generate a software bill of materials (SBOM) for every package you consume, verify package integrity with cryptographic signatures, and monitor build environments for anomalous activity.
Enable Monitoring. Set up real‑time alerts for unexpected outbound connections to suspicious IP addresses or domains such as the ones listed above. Integrate IOC feeds into your SIEM/SOAR platform.
For more details consult the original pulse on AlienVault (hxxtp://otx[.]alienvault[.]com/pulse/6a5665a03fa69522f5e6c982) and the Wiz blog post (hxxps://www.wiz[.]io/blog/m-red-team-asyncapi-supply-chain-compromise-via-github-actions).
Share this:
- Share on LinkedIn (Opens in new window) LinkedIn
- Share on X (Opens in new window) X
- Share on WhatsApp (Opens in new window) WhatsApp
- Share on Telegram (Opens in new window) Telegram
- Email a link to a friend (Opens in new window) Email
- Share on Reddit (Opens in new window) Reddit
- Share on Facebook (Opens in new window) Facebook

