Home / Companies / Semgrep / Blog / Post Details
Content Deep Dive

Miasma v3 Hit 4 AsyncAPI Packages — Did NPM's Defenses Work, or Just Get Dodged?

Blog post from Semgrep

Post Details
Company
Date Published
Author
Katie Paxton-Fear, Max Vonblankenburg
Word Count
946
Company Posts That Month
5
Language
English
Hacker News Points
-
Post removed?
No
Summary

In a sophisticated cyberattack on July 14, 2026, an attacker gained access to the asyncapi/generator repository, pushing a single malicious commit that triggered the project's GitHub Actions workflow, leading to the release of tampered packages on npm with valid provenance attestations. The malicious code, hidden through obfuscation and padding, activates upon module use, not installation, indicating that npm's security measures are influencing attacker strategies. The attack utilized a Remote Access Trojan (RAT) named "Miasma v3," capable of credential harvesting, lateral movement, and AI coding-assistant poisoning, while employing multiple command-and-control channels for resilience. Despite the attack's complexity, the authors deliberately disabled npm propagation to avoid detection, underscoring the increased professionalism and evolving tactics in cyber threats. This incident highlights the importance of continuous vigilance and adaptation in security practices, as enhanced security measures like script blocking, while effective, are not foolproof solutions.

Trends Found in this Post

No tracked trend matches for this post yet.

Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.