As if there weren't enough package poisonings to worry about
Analysis Summary
# Tool/Technique: Miasma
## Overview
Miasma is a self-spreading supply-chain attack toolkit and worm designed to compromise software development environments. It functions as an integrated framework for automating attacks against public and private package registries, repositories, and developer tools. Unlike traditional malware that relies on dedicated command-and-control (C2) servers, Miasma utilizes GitHub’s legitimate infrastructure and public APIs for its operational coordination, making detection via traditional network monitoring difficult.
## Technical Details
- **Type**: Malware Family / Supply-Chain Attack Toolkit
- **Platform**: Multi-platform (Node.js/npm, Python/PyPI, Ruby/RubyGems, GitHub Actions, JFrog Artifactory, AI coding tools)
- **Capabilities**: Credential theft, automated package poisoning, lateral movement (SSH), data exfiltration, and persistent monitoring.
- **First Seen**: June 8, 2026 (Public release/Open-sourcing)
## MITRE ATT&CK Mapping
- **[TA0001 - Initial Access]**
  - [T1195.002 - Supply Chain Compromise: Compromise Software Dependencies]
  - [T1078 - Valid Accounts]
- **[TA0008 - Lateral Movement]**
  - [T1021.004 - Remote Services: SSH]
- **[TA0011 - Command and Control]**
  - [T1102.001 - Web Service: Dead Drop Resolver]
  - [T1105 - Ingress Tool Transfer]
- **[TA0010 - Exfiltration]**
  - [T1567 - Exfiltration Over Web Service]
## Functionality
### Core Capabilities
- **Registry Poisoning**: Automates the publication of malicious code to arbitrary or targeted packages on PyPI, npm, and RubyGems using stolen credentials.
- **Automated Propagation**: Uses a worm-like mechanism to spread through GitHub repositories and compromise developer accounts.
- **Infrastructure-less C2**: Leverages GitHub’s public commit search API to receive commands, updates, and configuration without needing a standalone C2 server.
- **Lateral Movement**: Includes modules for moving through networks via SSH based on discovered credentials.
### Advanced Features
- **AI Tool Poisoning**: Targets configurations for AI coding assistants to inject malicious behavior or extract data.
- **Multi-Channel C2**: Specifically utilizes three distinct unauthenticated GitHub search strings for different tasks:
  - **DontRevokeOrItGoesBoom**: Used to discover encrypted Personal Access Tokens (PATs) for data exfiltration.
  - **TheBeautifulSandsOfTime**: Delivers JavaScript payloads for immediate runtime execution via `eval()`.
  - **firedalazer**: Delivers Python script URLs for maintaining a persistent monitor on infected systems.
- **Encryption**: Employs AES-256-CBC for encrypting sensitive data within commit messages.
## Indicators of Compromise
- **File Names**: `Miasma-Open-Source-Release` (Repository name)
- **Network Indicators**:
  - `github[.]com/search` (Abused for C2)
  - `github[.]com/YangYongAn/Miasma-Open-Source-Release` (Defanged repository link)
- **Behavioral Indicators**:
  - Unusually high frequency of calls to the GitHub Commit Search API.
  - Execution of Node.js `eval()` functions on dynamically fetched strings.
  - Presence of specific search strings in environment variables or memory: `DontRevokeOrItGoesBoom`, `TheBeautifulSandsOfTime`, `firedalazer`.
## Associated Threat Actors
- **TeamPCP** (Linked to the predecessor toolkit, Mini Shai-Hulud)
- **Compromised User Accounts**: The toolkit was notably distributed via previously hijacked GitHub accounts.
## Detection Methods
- **Behavioral Analysis**: Monitor for processes (Node/Python) making repeated, unauthenticated requests to the GitHub Search API, particularly those looking for specific commit message patterns.
- **Dependency Auditing**: Use tools like SafeDep’s PMG or Socket to scan package manifests for known malicious versions or suspicious maintenance patterns.
- **Log Review**: Audit GitHub Personal Access Token (PAT) usage for anomalies, such as tokens being used from unexpected IP ranges or used to access disparate repositories.
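
The behavioral check described above can be run over egress proxy logs. The following is an added example, not code from the report or from any vendor tool: it flags GitHub search requests whose query carries one of the three marker strings and hosts that exceed a call-rate threshold. The log format, host names, threshold and sample lines are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Marker strings listed on this page as Miasma's GitHub search terms.
MARKERS = ("DontRevokeOrItGoesBoom", "TheBeautifulSandsOfTime", "firedalazer")
SEARCH_HOSTS = {"api.github.com", "github.com"}

# Constructed sample lines in an assumed proxy log format:
# <ISO timestamp> <source host> <process> <METHOD> <URL>
SAMPLE_LOG = """\
2026-06-10T09:00:01 build-07 node GET https://api.github.com/search/commits?q=TheBeautifulSandsOfTime
2026-06-10T09:00:03 build-07 node GET https://registry.npmjs.org/left-pad
2026-06-10T09:00:31 build-07 node GET https://api.github.com/search/commits?q=firedalazer&sort=committer-date
2026-06-10T09:01:02 build-07 node GET https://api.github.com/search/commits?q=DontRevokeOrItGoesBoom
2026-06-10T09:02:00 dev-12 python GET https://api.github.com/search/commits?q=fix+typo
2026-06-10T09:02:10 dev-12 git GET https://github.com/example/repo.git/info/refs
"""

def parse(log_text):
    """Yield (time, host, process, url) per well-formed line; skip malformed ones."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) == 5:
            ts, host, proc, _method, url = fields
            yield datetime.fromisoformat(ts), host, proc, url

def is_github_search(url):
    parts = urlsplit(url)
    return parts.hostname in SEARCH_HOSTS and parts.path.startswith("/search")

def detect(log_text, max_calls=2, window=timedelta(minutes=5)):
    """Return (marker_hits, noisy_hosts) for GitHub search traffic in the log."""
    marker_hits, calls = [], defaultdict(list)
    for ts, host, proc, url in parse(log_text):
        if not is_github_search(url):
            continue
        calls[host].append(ts)
        # Join all decoded query values so a marker in any parameter is seen.
        query = " ".join(v for vs in parse_qs(urlsplit(url).query).values() for v in vs)
        marker_hits += [(host, proc, m) for m in MARKERS if m.lower() in query.lower()]
    noisy = set()
    for host, times in calls.items():
        times.sort()
        for i, start in enumerate(times):
            # Count search calls inside the sliding window that opens at `start`.
            if sum(1 for t in times[i:] if t - start <= window) > max_calls:
                noisy.add(host)
    return marker_hits, sorted(noisy)
```

A marker hit is a high-confidence signal on its own; the rate threshold needs tuning against legitimate tooling that also queries GitHub search.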
## Mitigation Strategies
- **Enforce MFA**: Require Multi-Factor Authentication for all developers on GitHub and package registries to prevent account takeover and subsequent toolkit distribution.
- **Token Scoping**: Implement the principle of least privilege for PATs; use fine-grained tokens with restricted access and short expiration windows.
- **CI/CD Hardening**: Ensure GitHub Actions and other CI/CD pipelines are restricted from accessing sensitive secrets unless explicitly required.
- **Egress Filtering**: Restrict development environments from initiating outbound connections to public registries or APIs except through verified proxies or gateways.
## Related Tools/Techniques
- **Mini Shai-Hulud**: The predecessor toolkit from which Miasma evolved.
- **Package Poisoning**: Generic technique of publishing malicious updates to legitimate libraries.
- **Vibe Coding**: A term referenced regarding the manual/ad-hoc creation of malware by attackers as an alternative to using fixed toolkits.