
KeyAudit

Tags: private-key-leak, infrastructure

Red Hat npm Packages Compromised in Shai-Hulud Supply Chain Attack

The MistEye security monitoring system detected anomalous versions of 32 npm packages under the @redhat-cloud-services organization. Three samples were analyzed offline: @redhat-cloud-services/[email protected], [email protected], and [email protected]. The packages themselves are legitimate, but the compromised versions carry a multi-layer obfuscated malicious loader that is triggered through npm's preinstall script.

The attack chain starts with a numeric array decoded by ROT/Caesar substitution (shift values of 10, 4 and 11 in the three samples respectively), which leads to an AES-128-GCM decryption stage that unpacks a Bun runtime bootstrapper and the core malicious payload.

The payload's capabilities include GitHub Actions Runner memory reading, multi-cloud credential harvesting, exfiltration via the GitHub API, workflow injection, npm self-propagation, persistence via Claude Code, VS Code, systemd and LaunchAgent entries, Harden-Runner / StepSecurity evasion, and EDR detection. The malware is a variant of the Shai-Hulud family.

Potential targets include developer workstations, CI/CD runners, build containers, GitHub repositories, Actions workflows, npm pipelines, and cloud credentials. The actual impact is not yet confirmed and requires further verification through installation logs and platform telemetry.

Key facts

  • 32 npm packages under @redhat-cloud-services compromised with malicious versions.
  • Three samples analyzed: frontend-components-config, types, rule-components.
  • Malicious loader triggered via npm preinstall script with multi-layer obfuscation.
  • Capabilities include credential harvesting, GitHub/npm propagation, and persistence.
  • Malware identified as a Shai-Hulud variant targeting dev workstations and CI/CD.
  • Actual impact scope requires further verification via logs and telemetry.
