The Miasma supply chain malware family has expanded beyond its initial npm package targets to weaponize GitHub Actions workflows, according to coordinated research published June 25 by Socket Security, StepSecurity, JFrog, Endor Labs, and OX Security. The latest wave struck 23 npm packages from the LeoPlatform and RStreams data pipeline ecosystems and a Go module from Verana Blockchain, extending Miasma’s reach across multiple package registries for the first time.
What Happened
On June 24, 2026, attackers force-pushed malicious commits to the codfish/semantic-release-action GitHub Action and redirected version tags to point to their payload. Any CI/CD workflow referencing one of those mutable tags then executed the attacker’s code directly inside the GitHub Actions runner environment. The payload stole GitHub OIDC tokens, harvested Personal Access Tokens matching known GitHub token patterns, encrypted the collected credentials with AES-128-GCM, and attempted to propagate itself into other repositories accessible using the stolen credentials.
In the LeoPlatform npm packages, the malware used a technique researchers called “Phantom Gyp”: a binding.gyp file triggered node-gyp execution and launched obfuscated JavaScript payloads staged through the Bun runtime. Attack goals included the theft of .env files, npm and PyPI tokens, SSH keys, Docker authentication files, and persistent access achieved through AI coding assistant configuration injection.
Why It Matters
This campaign demonstrates that the supply chain attack surface now extends from published packages to the CI/CD infrastructure that builds, tests, and deploys them. A compromised GitHub Actions runner has access to environment secrets that may not be stored in any published package: cloud credentials, deployment keys, and service account tokens injected at runtime. Credentials harvested from a CI runner can unlock production environments, cloud accounts, and downstream software distribution systems, compounding the blast radius far beyond the immediate victims.
One Insight for Security Leaders
The codfish/semantic-release-action compromise exposes a structural risk across thousands of projects: version-tag pinning for GitHub Actions. Mutable tags like v3 or v4 can be silently redirected to any commit by the maintainer or an attacker who gains repository access. A single force-push to a widely used Action can reach hundreds or thousands of downstream CI/CD pipelines before maintainers detect the change. Pinning Actions to immutable commit SHAs instead of version tags eliminates this exposure entirely and should be standard policy in any environment where CI/CD pipelines handle sensitive credentials.
For related coverage of supply chain attacks targeting developer infrastructure, see LastPass Customer Data Exposed in Klue Supply Chain Attack.
Source: Socket Security Research