importantSYS.SOURCE: The Hacker News• 2026-07-15T14:46:13+05:30
Compromised AsyncAPI npm Packages Distribute Multi-Stage Botnet Malware via IPFS
Four compromised npm packages in the @asyncapi namespace distributed a multi-stage botnet loader using IPFS, exploiting CI/CD pipeline compromises rather than stolen tokens. The malware employs persistence mechanisms, multiple C2 channels, and evasion techniques to avoid detection and enable credential theft and lateral movement.
Four compromised npm packages in the @asyncapi namespace have been observed distributing a multi-stage botnet loader, according to findings from OX Security, SafeDep, Socket, and StepSecurity.
The affected packages are listed below -
@asyncapi/[email protected] @asyncapi/[email protected] @asyncapi/[email protected] @asyncapi/specs(v6.11.2, v6.11.2-alpha.1)
"The
*** END OF TRANSMISSION ***