AsyncAPI npm Supply Chain Attack: Import-Time Malware
Summary
Microsoft Threat Intelligence uncovered a coordinated compromise of the AsyncAPI npm organization that republished five package versions with malicious code that runs when packages are imported, not just installed. The incident matters because common mitigations like npm install --ignore-scripts do not stop this technique, putting developer workstations, CI/CD pipelines, and production services at risk if they resolved the affected versions.
Introduction
Microsoft has disclosed a significant software supply chain incident affecting the @asyncapi npm organization. The attack is notable because the malicious payload executes at import/require time, which means standard defenses such as npm install --ignore-scripts are not enough to prevent compromise.
For IT and security teams, this raises the urgency of reviewing developer environments, CI/CD pipelines, container builds, and any production workloads that may have pulled the affected package versions.
What happened
On July 14, 2026, five malicious package versions across four AsyncAPI package names were republished:
@asyncapi/[email protected]@asyncapi/[email protected]@asyncapi/[email protected]@asyncapi/[email protected]@asyncapi/[email protected]
According to Microsoft, the injected loader executed immediately when a poisoned package was imported. It then spawned a detached Node.js process that fetched a second-stage payload, sync.js, from IPFS.
How the attack worked
Microsoft traced the compromise back to a misconfigured GitHub Actions workflow using pull_request_target in the asyncapi/generator repository.
Key elements of the attack chain included:
- A malicious pull request that executed untrusted code in a privileged workflow
- Exposure of a bot personal access token used for unauthorized pushes
- Abuse of legitimate GitHub OIDC trusted publishing workflows
- Publication of packages with valid provenance signatures despite unauthorized source changes
- Delivery of a Miasma modular runtime with C2, persistence, and fallback channels
This is especially important because the packages appeared legitimate from a publishing and provenance perspective.
Why this matters for administrators
The blast radius extends beyond developers using AsyncAPI directly. Because @asyncapi/specs is a transitive dependency, downstream tools and builds may have imported the compromised code without explicit awareness.
Potentially affected environments include:
- Developer workstations
- Build agents and CI/CD pipelines
- Container image build systems
- Production services that resolved the affected versions
Microsoft Defender Antivirus detects related artifacts as Trojan:JS/MiasmStealer.SC and Trojan:Script/Supychain.A.
Recommended actions
Organizations should act immediately:
- Remove all five affected package versions
- Purge npm and Yarn caches
- Hunt for
sync.jsin OS-specificNodeJSmasquerade directories - Block outbound traffic to
85.137.53.71on ports8080,8081, and8091 - Rotate credentials accessible from systems that imported the compromised packages
- Review GitHub Actions workflows for unsafe
pull_request_targetusage and overprivileged tokens
Final takeaway
This incident highlights how trusted publishing and signed provenance do not guarantee safe source changes. Security teams should treat CI/CD workflow hardening, dependency monitoring, and credential rotation as immediate priorities after any exposure to the affected AsyncAPI packages.
Need help with Security?
Our experts can help you implement and optimize your Microsoft solutions.
Talk to an ExpertStay updated on Microsoft technologies