Hackers exploit a GitHub Actions flaw to plant npm backdoors

On July 14, 2026, an attacker quietly took over part of the AsyncAPI open-source project and used it to push backdoored packages to npm, the registry that feeds millions of JavaScript projects. Researchers at Wiz, who tracked the incident under the name M-Red-Team, say four malicious @asyncapi packages (five versions in total) were published, and combined they pull in more than 140,000 downloads a day.

The dangerous twist is that this payload runs when a developer imports or requires the package in code, not merely when it is installed, widening the window in which unsuspecting projects can be infected.

How the attackers got in

The break-in exploited a well-known class of GitHub Actions weakness called a "pwn request." The asyncapi/generator repository had a workflow that triggered on pull requests using pull_request_target, which runs with full access to the repository's secrets, but then checked out and ran the untrusted code from the pull request itself. That combination hands a stranger's code the keys to the project.

To stay hidden, the attacker opened 37 pull requests, almost all of them adding a fake charity donation page as noise. One request, opened at 05:08 UTC, carried a markdown file with obfuscated JavaScript buried after about 1,000 bytes of whitespace. The workflow ran the code, which scanned the runner for secrets and exfiltrated a highly privileged Personal Access Token belonging to the asyncapi-bot service account to a dead-drop page on the rentry[.]co pastebin. Automated review flagged the payload, but by the time anyone could act the token was already stolen.

Worse, the risk was known. A contributor had filed a proof-of-concept for this exact flaw on April 29 and proposed a fix on May 17. That fix was still sitting unmerged 58 days later when the attack landed.

What the packages do

Using the stolen token, the attacker pushed a malicious commit and triggered the release pipeline, publishing the tainted packages. The malware hides on the first line of legitimate source files, padded with whitespace to push it off screen. It runs a staged infection: a first stage downloads an 8.25 MB encrypted bundle from IPFS, and the final stage is a roughly 92,000-line modular framework with classic trojan commands (directory listing, file upload and download) that establishes persistence through systemd user services on Linux and beacons to command-and-control infrastructure.

Wiz notes the code self-identifies as "M-RED-TEAM v6.4" and shares some traits with the Miasma malware framework and the earlier Shai-Hulud supply chain worm, though the researchers stopped short of a firm attribution. This is the latest in a run of registry poisonings that includes a recent campaign that backdoored 1,500 Arch Linux packages.

What you should do

Teams that use AsyncAPI tooling should audit their dependency trees for the affected @asyncapi packages and versions, pin to known-good releases, and rotate any developer or CI secrets that may have been exposed. A short list of indicators from the report follows.

This briefing is provided by IntelFusions for informational and defensive purposes only. It is based on sources assessed to be reliable at the time of writing, and analytic judgments carry the confidence levels indicated. Indicators of compromise are defanged; re-arm them only in controlled environments. IntelFusions is not affiliated with the organizations named and makes no warranty as to completeness or accuracy.

Read the full analysis on IntelFusions