Inside the Miasma Worm Supply Chain Attack Unfolding in npm and GitHub
There’s a new kind of malware spreading through software development tools. It’s called Miasma, a self-replicating worm that targets popular open-source packages and developer workflows. This worm is not just a typical virus. It steals cloud credentials and spreads on its own across developer repositories.
The latest wave hit Microsoft’s own GitHub repositories. Over 70 repos across Azure and Microsoft organizations were disabled after malicious code was found inside them. This code triggered automatically when developers opened the projects in AI coding tools like Claude Code, Gemini CLI, Cursor, and VS Code. The worm would quietly steal credentials for major cloud providers and developer platforms.
Miasma works by hiding a large payload that runs during the installation or opening of a project. It grabs sensitive data such as AWS, Azure, and Google Cloud keys, Kubernetes tokens, npm and GitHub credentials, and even SSH keys. Then it uses those stolen credentials to infect other repositories the victim can access, spreading like a worm.
The Red Hat npm Supply Chain Breach
Miasma also struck a large number of official npm packages under Red Hat’s @redhat-cloud-services scope. Thirty-two packages and nearly 100 malicious versions were affected. These packages are widely used and were downloaded over 80,000 times per week before the attack was discovered.
The attackers hijacked a trusted GitHub Actions pipeline used by Red Hat. This pipeline uses OpenID Connect (OIDC) tokens to publish packages. By compromising this system, the attackers could publish backdoored packages signed with valid cryptographic proofs. This made the malicious versions look legitimate to automated security checks.
The malware installs itself through a preinstall hook in the package.json. This means it runs as soon as the package is installed—before any other code executes. Developers do not need to run or import the infected package for the malware to activate. Simply running npm install is enough.
How Miasma Steals and Spreads
The worm collects a wide range of secrets from the infected system. It scrapes runtime memory on Linux CI/CD runners to find cloud tokens hidden in environment variables. It looks for credentials from AWS, Azure, GCP, Kubernetes, HashiCorp Vault, CircleCI, and GitHub Actions. It even targets local environment files and SSH keys.
Once the worm has stolen these credentials, it sends them out through encrypted channels. It uses legitimate APIs like GitHub and Anthropic’s Claude API to blend exfiltration with normal network traffic. This stealth technique helps it avoid detection by network filters.
Miasma then uses the stolen npm tokens to publish malicious updates to other packages the victim can control. This lets it spread across the open-source ecosystem. The worm also injects persistence hooks into IDE configuration files like VS Code’s tasks.json and Claude’s settings, so it can reactivate each time the developer opens their workspace.
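The two auto-execution points described above (a lifecycle script in package.json that fires on `npm install`, and an IDE task that fires when the workspace opens) are both plain JSON and can be audited before a project is installed or opened. The script below is an added example written for this page, not code from any of the cited reports or from npm or VS Code; it walks a checked-out tree, flags `preinstall`/`install`/`postinstall`/`prepare` scripts in every package.json it finds (including those under node_modules), and flags VS Code tasks whose `runOptions.runOn` is `folderOpen`. The sample project it builds (package names, script names, the `.cache/sync.js` path) is constructed for the demonstration and is not an indicator from the campaign; Claude Code settings are not covered here because their hook layout is not described on this page.

```python
"""Audit a project tree for npm install-time scripts and VS Code auto-run tasks.

Added example for this article, not code from the cited sources. The sample
project is constructed inline so the audit can be run offline.
"""
import json
import os
import tempfile
from pathlib import Path

# npm lifecycle hooks that execute during `npm install` without the package
# ever being imported or run by the developer.
INSTALL_SCRIPT_KEYS = ("preinstall", "install", "postinstall", "prepare")


def audit_package_json(path: Path) -> list:
    """Return one finding per lifecycle script that would run on install."""
    findings = []
    try:
        data = json.loads(path.read_text(encoding="utf-8"))
    except (OSError, ValueError):
        return findings
    scripts = data.get("scripts") if isinstance(data, dict) else None
    if not isinstance(scripts, dict):
        return findings
    for key in INSTALL_SCRIPT_KEYS:
        if key in scripts:
            findings.append({"file": str(path), "kind": f"npm:{key}",
                             "command": str(scripts[key])})
    return findings


def audit_tasks_json(path: Path) -> list:
    """Return one finding per VS Code task configured to run on folder open."""
    findings = []
    try:
        data = json.loads(path.read_text(encoding="utf-8"))
    except OSError:
        return findings
    except ValueError:
        # tasks.json may contain comments (JSONC); surface it for manual review
        # rather than silently skipping it.
        return [{"file": str(path), "kind": "vscode:unparsable", "command": ""}]
    tasks = data.get("tasks") if isinstance(data, dict) else None
    for task in tasks or []:
        if not isinstance(task, dict):
            continue
        run_on = (task.get("runOptions") or {}).get("runOn")
        if run_on == "folderOpen":
            findings.append({"file": str(path), "kind": "vscode:folderOpen",
                             "command": str(task.get("command", ""))})
    return findings


def audit_tree(root: Path) -> list:
    """Walk the tree and collect findings from every package.json and .vscode/tasks.json."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        here = Path(dirpath)
        for name in filenames:
            if name == "package.json":
                findings.extend(audit_package_json(here / name))
            elif name == "tasks.json" and here.name == ".vscode":
                findings.extend(audit_tasks_json(here / name))
    return findings


def build_sample_project() -> Path:
    """Construct a throwaway tree: a benign root package, one dependency with a
    preinstall hook, and a tasks.json with one normal and one folderOpen task.
    All names and paths here are constructed sample data."""
    root = Path(tempfile.mkdtemp(prefix="install-audit-"))
    (root / "package.json").write_text(json.dumps(
        {"name": "app", "scripts": {"test": "jest"}}), encoding="utf-8")
    dep = root / "node_modules" / "example-dep"  # constructed name
    dep.mkdir(parents=True)
    (dep / "package.json").write_text(json.dumps(
        {"name": "example-dep", "scripts": {"preinstall": "node setup.js"}}),
        encoding="utf-8")
    vscode = root / ".vscode"
    vscode.mkdir()
    (vscode / "tasks.json").write_text(json.dumps({"version": "2.0.0", "tasks": [
        {"label": "build", "type": "shell", "command": "npm run build"},
        {"label": "sync", "type": "shell", "command": "node .cache/sync.js",
         "runOptions": {"runOn": "folderOpen"}}]}), encoding="utf-8")
    return root


if __name__ == "__main__":
    for finding in audit_tree(build_sample_project()):
        print(f"{finding['kind']:<20} {finding['file']}  ->  {finding['command']}")
```

Run it against a real checkout with `audit_tree(Path("path/to/repo"))` before `npm install` or before opening the folder in an IDE; every `npm:*` hit is a command that will execute during install, and every `vscode:folderOpen` hit is a command the IDE will launch on open. Setting `ignore-scripts=true` in `.npmrc` stops the npm hooks from running at all, but it does nothing for the IDE tasks, which is why both need to be checked.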
One chilling feature is a destructive fail-safe. The malware has a honeytoken named IfYouInvalidateThisTokenItWillNukeTheComputerOfTheOwner. If security teams try to revoke this token, the worm triggers a wipe of the developer’s home directory and codebase. This makes remediation and forensic analysis much harder.
Why This Attack Is Dangerous and What to Do
This attack exploits trust in CI/CD pipelines and package registries. The malicious code comes from official publisher identities with valid signatures. Usual defenses like version pinning and provenance checks fail because the attacker controlled the trusted publishing process.
Developers and organizations that installed any affected packages or cloned infected repositories should assume their credentials are compromised. Immediate rotation of all passwords, API keys, SSH keys, and cloud credentials is essential. Full incident response and threat hunting must follow.
Security experts warn that removing the infected packages alone is not enough. The malware can persist in developer tools and IDE settings. Teams must audit their environments thoroughly and tighten controls on CI/CD pipelines, token scopes, and package publishing workflows.
The Miasma campaign reveals how attackers now weaponize AI coding tools and modern DevOps practices. As developers rely more on AI assistants, malware triggers at points no one expected. Protecting supply chains means rethinking trust models and securing every link—from code to cloud.
Based on
- Self-replicating Miasma worm hits 73 Microsoft GitHub repositories in supply chain attack — thenextweb.com
- Miasma Attack on Red Hat npm Packages — cyberartspro.com
- Miasma Worm Hits 32 npm Packages in Red Hat Supply Chain Attack | gikiewicz.com — gikiewicz.com
- Miasma Supply Chain Attack Hits Red Hat @redhat-cloud-services Packages — invisirisk.com
- Massive npm Supply Chain Attack Hits Red Hat Packages, Steals Cloud and Developer Credentials — cyberp1.com