Researchers are warning that hackers planted credential-stealing malware in Red Hat-related software packages used by cloud developers, creating a potential path for downstream supply-chain attacks.
The malicious code, according to StepSecurity, was planted in Red Hat-related software packages published to npm, the JavaScript package registry developers use to download and share reusable code. The goal was to harvest cloud keys, GitHub tokens and other credentials used to build and ship software.
“Several packages in the @redhat-cloud-services npm scope were found to carry malicious payloads that fire via a preinstall hook on every npm install,” StepSecurity researcher Rohan Prabhu explained.
Researchers said the malware acted like a worm, stealing developer credentials and using them to publish more poisoned software packages.
Credential theft built into the install process
One successful infiltration of a developer’s published code could expose credentials on any downstream developer machine or build system that installed the poisoned versions. Prabhu said the malware searched developer and build environments for credentials tied to GitHub Actions, Amazon Web Services, Google Cloud, Microsoft Azure, Kubernetes, HashiCorp Vault, npm and CircleCI.
Stolen credentials let attackers bypass phishing and perimeter exploitation altogether: with valid keys or tokens in hand, they can simply log in to protected systems as a legitimate user or build job.
Red Hat says no customer systems were affected
Red Hat confirmed that attackers had tampered with legitimate Red Hat-related packages on the npm open-source package registry. The breach underscores a dangerous new reality in software security: open-source malware has officially moved beyond simple typosquatting and into “brandjacking” tactics designed to hide inside legitimate software paths and exploit developer trust.
The poisoned packages were tied to code used to build Red Hat cloud service web pages and dashboards. Red Hat said no Hybrid Cloud Console release was published during the compromise window, and that its publication process strips installation-time scripts before deployment to console.redhat.com.
StepSecurity first detailed the malicious Red Hat-related npm packages, while Wiz separately tracked the same incident as “Miasma.” Wiz said the campaign origins are likely tied to the Mini Shai-Hulud malware that was previously open-sourced by TeamPCP. Wiz cautioned that the overlap should be treated as shared tradecraft, not definitive attribution, because other actors could reuse or adapt the same tooling.
A short attack window, but a long risk tail
The poisoned package versions appear to have been available on npm for less than five hours on June 1, roughly from 10:54 UTC to 15:21 UTC, based on package-tracking data. Wiz said the attacker activity unfolded in two waves during that period.
The window appears to have lasted less than five hours, but in the software supply chain that is plenty of time to do damage. Developers and automated build systems can download packages at any hour, and a single poisoned install can expose the credentials used to access code repositories, cloud accounts and deployment tools.
Microsoft later published technical details tied to the incident and said the initial Red Hat npm compromise affected 32 package names across more than 90 malicious versions.
Red Hat said the compromised package versions were removed from npm and that its investigation has found no evidence so far that customer environments, partner environments or Red Hat production systems were affected. StepSecurity published a list of affected packages and versions and advised users who installed them to assume compromise and rotate exposed credentials immediately.
That does not mean every downstream risk is gone. StepSecurity and Wiz advised anyone who installed the affected versions to investigate developer machines and build systems and rotate exposed credentials, because deleting a poisoned package does not claw back secrets that may already have been stolen.
Supply-chain attacks keep turning trust into the attack path
The Red Hat npm incident is not another SolarWinds. But it belongs to the same category of persistent supply-chain attacks.
Verizon’s 2026 Data Breach Investigations Report found that third-party and supply-chain related attacks jumped 60% and are now a factor in 48% of breaches.
SolarWinds remains the poster child for software supply-chain attacks. Publicly disclosed in December 2020, the attack turned a routine update for SolarWinds’ Orion software into the delivery mechanism for a major espionage campaign. Organizations that had not been directly breached still found themselves exposed because software they trusted had been compromised upstream.

Shaun Nichols is an IT news journalist. He has spent nearly 20 years covering the industry with a specialty in cybersecurity.