Skip to content

Security advisory: compromised AsyncAPI packages (Miasma RAT) — pin safe versions #57

Description

@kunalsingh-safedep

Automated security advisory from SafeDep. This repository depends on an AsyncAPI npm package that an attacker compromised on 14 July 2026. We found the repo through the GitHub dependency graph, so you may already run a safe version. Confirm before making changes.

What happened

An attacker published trojanized releases of four AsyncAPI packages. The malicious code pulls the Miasma RAT from IPFS and harvests browser data, SSH keys, npm tokens, GitHub CLI credentials, AWS secrets, and crypto wallets. It drops a persistent backdoor named sync.js.

Malicious versions to remove

Package Malicious version
@asyncapi/generator 3.3.1
@asyncapi/generator-helpers 1.1.1
@asyncapi/generator-components 0.7.1
@asyncapi/specs 6.11.2, 6.11.2-alpha.1

Pin these safe versions

@asyncapi/generator@3.3.0
@asyncapi/generator-helpers@1.1.0
@asyncapi/generator-components@0.7.0
@asyncapi/specs@6.11.1

Update your manifest, delete the resolved entries from your lockfile, then reinstall.

Check whether you pulled the malicious build

Grep your lockfile for the versions above. Then look for the dropped backdoor:

  • Linux: ~/.local/share/NodeJS/sync.js
  • macOS: ~/Library/Application Support/NodeJS/sync.js
  • Windows: %LOCALAPPDATA%\NodeJS\sync.js

Watch for outbound traffic to 85.137.53.71 on ports 8080, 8081, and 8091.

If a malicious version reached your machine

Rotate every credential on it: npm tokens, GitHub tokens, SSH keys, AWS access keys, browser-stored passwords, and wallet keys. Rotate this repository's write tokens as well.

Full analysis

https://safedep.io/asyncapi-generator-supply-chain-attack-miasma-rat/

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions