The Miasma malware campaign compromised an npm maintainer account to publish poisoned updates to over 20 packages.
The attack targets developer workstations and CI runners to harvest sensitive credentials like AWS, Azure, and GitHub tokens.
The malware uses the Bun JavaScript runtime to evade detection by security software.
Key Facts
01 — What / Thesis
Miasma malware campaign targets npm packages
02 — Who / Subject
Microsoft Threat Intelligence, Miasma operators
03 — Where / Locus
Global
04 — When / Temporality
June 24, 2026