Red Hat npm packages compromised in new Mini Shai-Hulud malware wave

Unknown attackers have compromised 30+ Red Hat Cloud Services npm packages with malware that goes after credentials stored in developers’ build environments.

What the malware stole and how it can spread further

The compromised packages were published in two different GitHub source repositories on June 1, 2026, between 10:53 and 10:53:33 UTC and 13:44 and 13:46:47 UTC.

According to Wiz Security, a specific Red Hat employee GitHub account was compromised and “pushed malicious orphan commits to two RedHatInsights repositories, bypassing code review.”

It’s currently unknown how the employee’s GitHub account was compromised.

“The malware operates via a preinstall lifecycle hook that executes a 4.2 MB obfuscated JavaScript payload during npm install, before any application code runs,” Orca researchers explained.

It searches for and exfiltrates AWS, GCP and Azure keys, tokens and credentials, GitHub Actions tokens, HashiCorp Vault tokens, Kubernetes credentials and configuration files, SSH private keys, npm and PyPI publish tokens, and more.

The malicious payload seems to be a new version of TeamPCP’s Mini Shai-Hulud malware, which was used by the threat actors in previous supply chain attacks and open-sourced by them in May 2026.

“Using harvested npm authentication tokens, the payload attempts to publish new backdoored versions of packages the victim account has access to. Critically, it uses npm’s bypass_2fa publish parameter to override two-factor authentication requirements,” StepSecurity researchers noted.

“This capability is available to automation tokens and is used here to make the worm self-propagating even against accounts with 2FA enabled. Each successfully infected machine can autonomously seed the next wave of compromised packages without any further attacker involvement.”

According to Wiz researchers, this new variant has been equipped with new data collectors for cloud identities, and generates a uniquely encrypted payload for each infection.

“This variant creates repositories containing the description Miasma: The Spreading Blight,” they added.

Whether this attack was the work of TeamPCP or copycat attackers is also currently unknown.

Red Hat’s response and recommended actions

Red Hat removed most of the infected packages from the npm registry within two hours of publication, and said that “the packages are strictly limited to internal development, and the malicious code was never published for customer consumption via the console.redhat.com system.”

There’s currently no evidence of the attack having had an impact on customer or partner environments or Red Hat production systems, they added.

But developers and organizations that have installed one or more of the compromised package versions must do damage control.

Wiz researchers advise:

  • Investigating developer workstations, CI/CD environments, and repositories for signs of compromise
  • Auditing systems for the affected packages, GitHub Actions, and VSCode extensions
  • Reviewing GitHub activity for unauthorized repositories, newly created access tokens, or suspicious workflow executions
  • Rotating all keys, credentials and tokens that may have been accessed and harvested

“Finally, organizations should strengthen software supply chain defenses by implementing dependency allowlisting, SBOM generation, package verification, and improved monitoring of developer and build environments,” they added.
