Malicious npm Packages by Red Hat Stole Developer Data

Cybersecurity experts uncovered a large-scale supply chain attack affecting over 30 npm packages under the @redhat-cloud-services namespace. Attackers injected malicious code into these packages, distributing a new version of the Shai-Hulud trojan, known as Miasma.

The primary goal of the attack was to steal credentials from developers interacting with Red Hat’s cloud services. The malware collected data from environment variables, configuration files, and other sources before transmitting it to attacker-controlled servers.

Experts note that attacks on package repositories are becoming increasingly common, as they allow threat actors to rapidly distribute malicious code to a large user base. Red Hat has removed the compromised packages and is investigating the incident.

Developers are advised to audit their projects for vulnerable dependencies and update packages to secure versions. Special attention should be given to reviewing environment variables and configuration files for potential leaks of sensitive data.