AsyncAPI npm packages with 2M weekly downloads were compromised, spreading malware with info-stealing, crypto-theft and RAT capabilities.
OX Security researchers disclosed on July 14 that the AsyncAPI npm organization was compromised, with malicious code injected into four packages that together account for over 2 million weekly downloads. The affected versions are @asyncapi/generator 3.3.1, @asyncapi/generator-components 0.7.1, @asyncapi/generator-helpers 1.1.1, and @asyncapi/specs 6.11.2 and 6.11.2-alpha.1. AsyncAPI is widely used by developers building event-driven APIs, which means the blast radius here touches a broad cross-section of professional development environments.
“This is a highly sophisticated, multi-stage supply chain attack. The malware functions as a hybrid info-stealer, crypto-stealer, and Remote Access Trojan (RAT).” reads the report published by OX. “It actively attempts to confuse analysts by mimicking known campaigns (like Miasma) and targets developers and repository maintainers.”
OX describes what was injected as far more than a simple credential harvester. The malware payload runs to 91,973 lines of code. Whoever wrote this was not in a hurry.
The infrastructure choices are deliberate and designed for resilience. The malware uses IPFS, a legitimate peer-to-peer file storage network, to host its payload and as a fallback command-and-control server if the primary C2 at 85[.]137[.]53[.]71 becomes unavailable.
“The malware uses ipfs.io – a legitimate peer-to-peer network to store and share data – in order to store its malicious payload. Later on it uses it as a fallback server in case the C2 server is not functional.” OX explains. “The malware also uses a wide array of backup communication nodes and beacons to keep communication alive even after the C2 fails, and to bypass network-based blocks.”
Beyond IPFS, the malware maintains communication through BitTorrent bootstrap nodes including router.bittorrent.com, router.utorrent.com, and dht.transmissionbt.com, giving it multiple fallback paths if any single channel is blocked at the network level.
The self-propagation capability is what makes this particularly dangerous for developer environments. If the malware finds valid authentication tokens for npm, PyPI, or Cargo on the compromised machine, it attempts to publish itself into packages the victim maintains on those registries. One compromised developer account becomes a new distribution vector.
The researchers found an embedded Ethereum contract address, 0x12c37A86a0Ed0beBe5d1d6a43E42f07860eAc710, in the code, however, they were not able to fully determine how it’s used operationally.
The malware checks whether it’s running inside a virtual machine, whether an endpoint detection tool is present, and whether the system’s locale is set to Russian. If any of those conditions are true, it terminates. This is standard practice for malware that doesn’t want to infect its operators’ own machines or run inside a security researcher’s sandbox.
“Although the malware has some similarities to the Shai-Hulud and Miasma campaigns, and it contains the Miasma string multiple times inside its code, this malware isn’t the same as them, nor is it attributed to the Miasma/Shai-Hulud/TeamPCP campaigns that we’ve seen in the past.” states the report.
The Miasma references inside the code appear to be deliberate misdirection rather than a genuine connection, a tactic designed to send analysts chasing the wrong attribution trail.
npm’s version 12 introduced restrictions on post-install scripts, specifically to prevent malware from executing code at install time. The attackers here didn’t need that vector.
The malicious payload was injected directly into the main JavaScript file of each affected package, making it indistinguishable from legitimate code at install time and executable the moment the package is imported in a project.
If you use any of the affected package versions, the immediate steps are to revoke all developer tokens associated with npm, PyPI, and Cargo on any machine that may have run these packages, rotate secrets, and audit recent commits and package releases in your own registries for unauthorized changes. Monitor for unexpected outbound connections to BitTorrent bootstrap nodes or IPFS gateways on developer networks, as these are the malware’s communication channels and would be unusual in a typical development environment. Check whether any packages you maintain have had unauthorized versions published while the affected versions were in use on your machines.
“npm’s v12 is out, blocking post-install scripts, but threat actors didn’t need to use them as they just embedded the malicious code inside the main JavaScript file without being blocked.” concludes the report. “This amplifies the message we extensively discussed in npm Is Fighting the Right War With the Wrong Weapons – and we don’t see this trend changing anytime soon.”
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, AsyncAPI)

