Critical Vulnerability in AsyncAPI npm Packages Exposes Users to Attack
Key Takeaways A critical supply chain attack impacted AsyncAPI npm packages, compromising five releases with millions of weekly downloads. Attackers exploited a misconfigured GitHub Actions workflow...
Key Takeaways
- A critical supply chain attack impacted AsyncAPI npm packages, compromising five releases with millions of weekly downloads.
- Attackers exploited a misconfigured GitHub Actions workflow to steal an npm publishing token.
- The malicious packages deployed a multi-stage payload that established a persistent remote shell, capable of data exfiltration and arbitrary command execution.
- The vulnerability affects development workstations, build servers, and any environments that imported the trojanized modules.
- Immediate action is required to downgrade affected packages, remove compromised artifacts, and rotate credentials.
A significant supply chain compromise has been identified within the AsyncAPI npm ecosystem, leading to the distribution of malicious packages. This incident, impacting five distinct releases with an estimated 2.9 million combined weekly downloads, introduces substantial risk to developer environments and build pipelines.
Table Of Content
The attack vector originated from a misconfigured GitHub Actions workflow, allowing an attacker to gain unauthorized access to a critical npm publishing token. This breach enabled the attacker to publish trojanized versions of popular AsyncAPI packages, embedding persistent remote access capabilities within them.
Exploiting GitHub Actions for Token Theft
The infiltration began in the AsyncAPI generator repository. Researchers discovered that a GitHub Actions workflow was configured to use the pull_request_target trigger. This specific configuration inadvertently exposed repository secrets when external pull requests were checked out for review. Leveraging this vulnerability, the attacker initiated multiple pull requests, ultimately exfiltrating the npm token to rentry.co before deploying the compromised packages.
On July 14, analysts at Aikido said in a report that they identified these malicious releases. Their investigation revealed a sophisticated campaign that exploited the workflow weakness to establish a persistent remote-access implant. Crucially, the infection chain could be triggered by merely importing an affected package, rather than requiring a full installation. This distinction highlights the broad exposure risk across build processes and development activities.
Malicious Payload and Persistence Across OS
The compromised packages include asyncapi-specs versions 6.11.2 and 6.11.2-alpha.1, asyncapi-generator 3.3.1, asyncapi-generator-helpers 1.1.1, and asyncapi-generator-components 0.7.1. The malicious code was subtly integrated into core runtime modules such as schema exports, validation logic, utility functions, and error handling. This allowed the downloader to execute upon a standard require operation, bypassing typical npm lifecycle scripts that might raise suspicion.
Upon execution, the injected code fetched an encrypted Node.js loader from IPFS, saving it as sync.js in a user-specific NodeJS data directory. The precise location varied by operating system: Library/Application Support/NodeJS on macOS, LOCALAPPDATA on Windows, and .local/share/NodeJS on Linux. This initial loader then decrypted and launched a second-stage component, designed to ensure persistence beyond the original package execution.
Further analysis by researchers uncovered that the implant generated a unique cryptographic key pair and used a lock file to prevent multiple instances. It established persistence mechanisms tailored to each operating system: modifying shell startup files on macOS, creating a “Run” registry value on Windows, and writing a user service file on Linux. While the Linux service’s execution command appears to lack a necessary shell wrapper, potentially causing it to fail, the presence of these artifacts remains vital for incident response efforts.
Remote Shell Capabilities Elevate Threat Level
The deployed malware maintained a covert channel to an HTTP command-and-control (C2) server, sending encrypted beacons approximately every 30 seconds. Even when active reconnaissance features were disabled, these beacons contained redacted environmental information and probed for configuration files related to developer tools. More alarmingly, the implant provided attackers with a remote shell, granting them the ability to execute arbitrary commands, exfiltrate sensitive data, and potentially pivot deeper into compromised networks.
Interestingly, several configuration values within the malware, such as safeMode and a five percent execution setting, initially suggested a limited or canary deployment. However, code analysis revealed these settings did not genuinely restrict the malware’s functionality. Persistence was controlled by a separate toggle, and the percentage setting had no impact on victim selection. The use of unencrypted HTTP for command-and-control traffic also introduces an additional vulnerability, allowing potential network adversaries to inject plaintext commands if an encrypted command bundle is not present.
What You Should Do
- Downgrade Immediately: Update all affected AsyncAPI packages to their respective safe versions:
asyncapi-specs 6.11.1,asyncapi-generator 3.3.0,asyncapi-generator-helpers 1.1.0, andasyncapi-generator-components 0.7.0. - Remove Compromised Artifacts: Scour your project manifests, lockfiles, caches, internal mirrors, and build images to ensure all traces of the compromised releases are eradicated.
- System Hunt and Isolation: Actively search for any systems that may have imported the malicious modules. Isolate any suspected hosts immediately, prioritizing the preservation of volatile data for forensic analysis.
- Examine Persistence Mechanisms: Investigate detached Node processes and review persistence artifacts on all affected operating systems (macOS:
Library/Application Support/com.apple.spotlight/index-v2.cache, Linux:.cache/mesa/shadercache/glcache.binand.config/systemd/user/miasma-monitor.service, Windows:HOME.datand themiasma-monitorRun registry value). - Rotate All Credentials: Treat all credentials accessible from developer devices or build hosts as compromised. This includes npm tokens, source-control access, cloud credentials, CI/CD secrets, SSH and signing keys, and browser sessions. Rotate these credentials from a known clean machine.
- Rebuild Compromised Systems: Rebuild any systems confirmed to have been compromised from trusted sources.
- Network Investigation: Review network logs for connections to the identified C2 server (
85.137.53.71:8080,85.137.53.71:8081,85.137.53.71:8091), IPFS, Nostr (wss://relay.damus.io,wss://relay.nostr.com), Ethereum RPC (0x12c37A86a0Ed0beBe5d1d6a43E42f07860eAc710), DHT (router.bittorrent.com:6881,dht.transmissionbt.com:6881), and mDNS activity originating from Node processes.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.