The campaign, which Wiz researchers are tracking as Miasma, is thought to be the latest evolution of Shai-Hulud, a self-propagating malware family that has repeatedly surfaced in software supply chain attacks targeting the npm ecosystem.
“Investigation revealed that at least 32 package releases contained unauthorized modifications that do not match the corresponding source repositories,” Wiz researchers said in a blog post. “These packages cumulatively average ~80,000 weekly downloads.“
By compromising packages associated with Red Hat Cloud Services, the attackers are targeting a software ecosystem that many organisations already trust. The good news is that most of the packages feared to be infected are already removed, the researchers noted.
Shai Hulud came for trusted packages
According to reports, attackers compromised npm packages published under Red Hat Cloud Services-related namespace and inserted malware capable of executing automatically during package installation.
