{"slug": "miasma-v2-self-spreading-npm-worm-now-uses-malicious-binding-gyp-file-and-57", "title": "Miasma v2: Self-Spreading npm Worm Now Uses Malicious binding.gyp file and Compromises 57 Packages", "summary": "A self-spreading npm worm called Miasma v2 compromised 57 packages across 286+ malicious versions by using a malicious binding.gyp file to trigger arbitrary code execution during npm install, without declaring lifecycle scripts. The worm harvests cloud credentials, GitHub Actions secrets, and credential store data, injects backdoors into AI coding-assistant configs, and forges provenance attestations to spread automatically.", "body_md": "A self-spreading npm worm dubbed **Miasma** compromised 57 npm packages across 286+ malicious versions. Rather than using the usual preinstall/postinstall lifecycle scripts in package.json, the malware ships a ~157-byte binding.gyp file containing a command-substitution action (\"<!(node index.js > /dev/null 2>&1 && echo stub.c)\"). This triggers arbitrary code execution during npm install __without__ declaring a lifecycle script. And it’s showing its effectiveness, [ spreading through npm packages much quicker than the attackers first attack earlier this week](https://semgrep.dev/blog/2026/forking-shai-hulud-redhat-npm-packages-are-the-next-victim-after-github-actions-compromise-and-worm/).\n\nThe payload is once again highly obfuscated and harvests AWS, GCP, and Azure credentials, GitHub Actions secrets (including direct extraction from runner process memory via /proc/*/mem), and 1Password, gopass, and pass credential stores. It also injects persistent backdoors into AI coding-assistant configuration files to poison AI-generated code. Finally just like [ Mini Shai-Hulud](https://semgrep.dev/blog/2026/children-of-shai-hulud-an-analysis-of-the-the-evolution-delivery-and-spread-of-the-tanstack-shai-hulud-campaign/) propagates automatically by forging provenance attestations so reinfected packages appear legitimate. Stolen credentials are once again exfiltrated to attacker-controlled GitHub repositories.\n\n**Affected Packages**\n\n@evolvconsulting/evolv-coder-lite version 1.2.0\n\n@jagreehal/workflow version 1.16.1\n\n@vapi-ai/server-sdk versions 0.11.1, 0.11.2, 1.2.1, 1.2.2\n\nai-sdk-ollama versions 0.13.1, 1.1.1, 2.2.1, 3.8.5\n\nautotel versions 2.26.4, 3.4.3\n\nautotel-adapters version 0.3.5\n\nautotel-audit version 0.1.15\n\nautotel-aws version 0.13.10\n\nautotel-backends version 2.12.26\n\nautotel-cli version 0.8.14\n\nautotel-cloudflare version 2.18.16\n\nautotel-devtools versions 0.1.1, 1.0.4, 2.1.1, 3.0.2, 4.0.1, 5.1.1, 6.1.2\n\nautotel-drizzle version 0.0.27\n\nautotel-edge version 3.16.13\n\nautotel-eventcatalog versions 1.0.1, 2.0.1, 3.0.1, 4.0.2, 5.0.1\n\nautotel-hono version 0.4.26\n\nautotel-mcp versions 0.1.14, 2.0.1, 3.0.1, 4.0.1, 5.0.1, 6.0.1, 7.0.1, 8.0.1, 9.0.1, 10.0.1, 11.0.1, 13.0.1, 14.0.1, 15.0.2, 16.0.1, 17.0.2, 18.0.1, 19.0.1, 20.0.1, 21.1.1, 22.0.1, 23.0.1, 24.0.1, 25.0.1, 26.0.2, 27.0.1, 28.0.3\n\nautotel-mcp-instrumentation versions 29.0.2, 30.0.5, 31.0.1, 32.0.1, 33.0.2, 34.0.1\n\nautotel-mongoose versions 0.0.3, 1.0.2, 2.0.5, 3.0.1, 4.0.1, 5.0.2, 6.0.1\n\nautotel-pact versions 0.2.2, 1.0.3\n\nautotel-playwright version 0.4.32\n\nautotel-plugins version 0.19.26\n\nautotel-sentry version 0.5.13\n\nautotel-subscribers versions 4.1.1, 5.0.1, 6.0.1, 7.0.1, 8.0.1, 9.0.1, 10.0.1, 11.0.1, 12.0.1, 13.0.1, 14.1.1, 15.0.1, 16.0.2, 17.0.1, 18.0.3, 19.0.1, 20.0.1, 21.0.1, 22.0.2, 23.0.2, 24.0.1, 25.0.1, 26.0.1, 27.0.2, 28.0.2, 29.0.6, 30.0.4, 31.1.4\n\nautotel-tanstack version 1.13.27\n\nautotel-terminal versions 2.1.1, 3.0.1, 4.0.2, 5.0.1, 6.0.3, 7.0.1, 8.0.1, 9.0.1, 10.0.2, 11.0.1, 12.0.1, 13.0.1, 14.0.1, 15.0.2, 16.0.2, 17.0.10, 18.0.4, 19.0.8, 20.0.2, 21.0.1, 22.0.2, 23.0.3\n\nautotel-vitest version 0.4.26\n\nautotel-web version 1.12.2\n\nawaitly version 1.33.3\n\nawaitly-analyze versions 0.24.2, 1.1.1, 2.0.1, 3.0.1, 4.0.1, 5.0.1, 6.0.1, 7.0.1, 8.0.1\n\nawaitly-libsql versions 0.1.1, 1.0.1, 2.0.1, 3.0.1, 4.0.1, 5.0.1, 6.0.1, 7.0.1, 8.0.1, 9.0.1, 10.0.1, 11.0.1, 12.0.1, 13.0.1, 14.0.1, 15.0.1, 16.0.1, 17.0.1, 18.1.1, 19.0.1, 20.0.1, 21.0.1, 22.0.1\n\nawaitly-mongo versions 0.1.1, 1.0.1, 2.0.1, 3.0.1, 4.0.1, 5.0.1, 6.0.1, 7.0.1, 8.0.1, 9.1.1, 10.0.1, 11.0.1, 12.0.1, 13.0.1, 14.0.1, 15.0.1, 16.0.1, 17.0.1, 18.0.1, 19.1.1, 20.0.1, 21.0.1, 22.0.1, 23.0.1\n\nawaitly-postgres versions 0.1.1, 1.0.1, 2.0.1, 3.0.2, 4.0.1, 5.0.1, 6.0.1, 7.0.1, 8.0.1, 9.0.1, 10.0.1, 11.0.1, 12.0.1, 13.0.1, 14.0.1, 15.0.1, 16.0.1, 17.0.1, 18.0.1, 19.1.1, 20.0.1, 21.0.1, 22.0.1, 23.0.1\n\nawaitly-visualizer versions 1.0.1, 2.0.2, 3.0.1, 4.0.1, 5.0.1, 6.0.1, 7.0.1, 8.0.1, 9.0.1, 10.0.1, 11.0.1, 12.0.1, 13.0.1, 14.0.1, 15.0.1, 16.0.1, 17.0.1, 18.1.1, 19.0.1, 20.0.2, 21.0.1, 22.0.2\n\neffect-analyzer version 0.3.1\n\neslint-plugin-awaitly versions 0.17.1, 1.0.1\n\neslint-plugin-executable-stories-jest versions 1.2.1, 2.1.8\n\neslint-plugin-executable-stories-playwright versions 1.2.1, 2.1.8\n\neslint-plugin-executable-stories-vitest versions 1.2.1, 2.1.8\n\nexecutable-stories-cypress versions 3.1.1, 4.0.1, 5.0.1, 6.1.1, 7.0.3, 8.3.2\n\nexecutable-stories-demo version 0.1.11\n\nexecutable-stories-formatters version 0.11.2\n\nexecutable-stories-init version 0.1.2\n\nexecutable-stories-jest versions 3.1.1, 4.0.1, 5.0.1, 6.1.1, 7.0.3, 8.3.2\n\nexecutable-stories-mcp version 0.3.3\n\nexecutable-stories-playwright versions 3.1.1, 4.0.1, 5.0.1, 6.1.1, 7.0.3, 8.4.3\n\nexecutable-stories-react version 0.1.7\n\nexecutable-stories-vitest versions 2.0.1, 3.1.1, 4.0.1, 5.0.1, 6.1.1, 7.0.3, 8.3.3\n\nhttp-uploader-dev version 1.0.7\n\nmountly version 0.2.2\n\nmountly-tailwind version 0.1.3\n\nnode-env-resolver version 6.5.1\n\nnode-env-resolver-aws versions 9.1.2, 10.0.1, 11.0.1, 12.0.1\n\nnode-env-resolver-dotenvx versions 1.0.1, 2.0.1\n\nnode-env-resolver-nextjs version 7.4.2\n\nnode-env-resolver-vite version 2.4.2\n\nwrangler-deploy version 1.5.5\n\n**For Semgrep Customers**\n\n**Trigger a new scan** if you haven't recently on your projectsto see if any projects have installed these package versions recently, or the**Check the advisories page****Dependency filter** to see if you are using any earlier versions.If you are:\n\nCheck if you have any of the file/system artefacts, particularly the persistence through Claude, Cursor, VSCode and Gemini\n\nIf you are affected you should also immediately investigate all CI/CD pipelines too\n\nRotate any credentials associated with the pipeline and the compromised user\n\n**Indicators of Compromise**\n\n**Domains / C2 Servers**\n\nExfiltration path pattern: {repo}/contents/results/results-{timestamp}.json\n\nC2 beacon keyword (GitHub commit search): thebeautifulmarchoftime\n\nToken validation keyword: IfYouInvalidateThisTokenItWillNukeTheComputerOfTheOwner\n\nBun runtime download URL: github.com/oven-sh/bun/releases/download/bun-v1.3.13/bun-*.zip\n\n**Files / System Artifacts**\n\nbinding.gyp — 157-byte file triggering code execution during npm install\n\nRoot-level index.js — obfuscated payload (4+ MB) injected alongside legitimate package code\n\n/tmp/b-* — temp directory containing the downloaded Bun binary\n\nAI assistant backdoor files: .claude/setup.mjs, .claude/settings.json, .cursor/rules/setup.mdc, .gemini/settings.json, .vscode/tasks.json, .vscode/setup.mjs, .github/setup.js", "url": "https://wpnews.pro/news/miasma-v2-self-spreading-npm-worm-now-uses-malicious-binding-gyp-file-and-57", "canonical_source": "https://semgrep.dev/blog/2026/miasma-v2-self-spreading-npm-worm-now-uses-malicious-bindinggyp-file-and-compromises-57-packages", "published_at": "2026-06-04 00:00:00+00:00", "updated_at": "2026-06-28 23:30:01.036078+00:00", "lang": "en", "topics": ["ai-safety", "ai-products", "ai-tools", "ai-agents", "ai-policy"], "entities": ["npm", "GitHub Actions", "AWS", "GCP", "Azure", "1Password", "gopass", "pass"], "alternates": {"html": "https://wpnews.pro/news/miasma-v2-self-spreading-npm-worm-now-uses-malicious-binding-gyp-file-and-57", "markdown": "https://wpnews.pro/news/miasma-v2-self-spreading-npm-worm-now-uses-malicious-binding-gyp-file-and-57.md", "text": "https://wpnews.pro/news/miasma-v2-self-spreading-npm-worm-now-uses-malicious-binding-gyp-file-and-57.txt", "jsonld": "https://wpnews.pro/news/miasma-v2-self-spreading-npm-worm-now-uses-malicious-binding-gyp-file-and-57.jsonld"}}