Miasma Turns Trusted npm Packages Into Persistent Backdoors for Developer Machines

The Miasma v3 malware has compromised four legitimate AsyncAPI npm packages to establish persistent remote access backdoors on developer machines. By injecting malicious code into the build process, attackers can bypass security checks, requiring organizations to rotate credentials and isolate affected systems.

Edward Kiledjian @ekiledjian