Red Hat npm packages compromised to steal developer credentials
More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware, dubbed 'Miasma.' The malicious packages were published to the npm registry and designed to steal developer credentials, including SSH keys, AWS tokens, and other sensitive information. The attack was discovered by security researchers who noted that the compromised packages were downloaded thousands of times before being taken down. Red Hat has removed the affected packages and is investigating the incident. Developers who have used these packages are advised to rotate any credentials that may have been exposed and to audit their systems for signs of compromise.
Compromised packages can steal developer credentials, leading to unauthorized access to critical infrastructure.
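As a starting point for the audit advised above, this added example (not code from Red Hat or the researchers) lists every `package-lock.json` entry under the `@redhat-cloud-services` scope so installed versions can be compared against the vendor's list of affected releases. The sample lockfile, its package names and its versions are constructed placeholders, since the article does not list the affected packages or versions.

```javascript
const SCOPE = "@redhat-cloud-services/"; // namespace named in the article

// Lockfile v2/v3: flat "packages" map keyed by install path.
function fromPackagesMap(packages) {
  const hits = [];
  for (const [path, meta] of Object.entries(packages || {})) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1) continue; // root project or workspace folder
    // "name" is only recorded when it differs from the path (aliases)
    const name = meta.name || path.slice(idx + "node_modules/".length);
    if (!name.startsWith(SCOPE)) continue;
    const hasInstallScript = meta.hasInstallScript === true;
    hits.push({ name, version: meta.version, path, hasInstallScript });
  }
  return hits;
}

// Lockfile v1: nested "dependencies" tree keyed by package name.
function fromDependencyTree(deps, trail = []) {
  const hits = [];
  for (const [name, meta] of Object.entries(deps || {})) {
    const here = [...trail, name];
    if (name.startsWith(SCOPE)) {
      // v1 lockfiles do not record install scripts, hence null
      hits.push({ name, version: meta.version, path: here.join(" > "), hasInstallScript: null });
    }
    hits.push(...fromDependencyTree(meta.dependencies, here));
  }
  return hits;
}

function findScopedPackages(lock) {
  // v2 files carry both sections; read "packages" only to avoid duplicates
  return lock.packages ? fromPackagesMap(lock.packages)
                       : fromDependencyTree(lock.dependencies);
}

// Constructed sample lockfile: names and versions are placeholders.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/example-dep": { version: "2.0.0" },
    "node_modules/@redhat-cloud-services/example-pkg-a": { version: "0.0.1", hasInstallScript: true },
    "node_modules/example-dep/node_modules/@redhat-cloud-services/example-pkg-b": { version: "0.0.2" },
  },
};

for (const h of findScopedPackages(SAMPLE_LOCK)) console.log(`${h.name}@${h.version} (${h.path})`);
```

For a real project, pass the parsed contents of `package-lock.json` to `findScopedPackages`. Transitive entries, such as the nested one in the sample, matter as much as direct dependencies.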