step-security · Crawled Jul 5, 2026

Multiple @immobiliarelabs Backstage Plugins Compromised on npm

AI Summary

Multiple npm packages maintained by Immobiliare Labs were compromised on June 26, 2026, with malicious versions published across all major release lines simultaneously. The backdoored packages execute a credential-stealing payload during installation via a binding.gyp node-gyp hook, bypassing traditional postinstall detection. The payload harvests secrets from CI/CD environments, cloud providers, and package registries, and attempts persistence in AI coding assistant configurations. This activity is linked to the Miasma campaign, known for supply chain worm behavior and evasion techniques using the Bun runtime.

AI-extracted · verify before operational use

Indicators of Compromise (25 extracted)

Type Value
Package @immobiliarelabs/backstage-plugin-gitlab@1.0.1
Package @immobiliarelabs/backstage-plugin-gitlab@2.1.2
Package @immobiliarelabs/backstage-plugin-gitlab@3.0.3
Package @immobiliarelabs/backstage-plugin-gitlab@4.0.2
Package @immobiliarelabs/backstage-plugin-gitlab@5.2.1
Package @immobiliarelabs/backstage-plugin-gitlab@6.13.1
Package @immobiliarelabs/backstage-plugin-gitlab@7.0.2
Package @immobiliarelabs/backstage-plugin-gitlab-backend@3.0.3
Package @immobiliarelabs/backstage-plugin-gitlab-backend@4.0.2
Package @immobiliarelabs/backstage-plugin-gitlab-backend@5.2.1
Package @immobiliarelabs/backstage-plugin-gitlab-backend@6.13.1
Package @immobiliarelabs/backstage-plugin-gitlab-backend@7.0.2
Package @immobiliarelabs/backstage-plugin-ldap-auth@1.1.4
Package @immobiliarelabs/backstage-plugin-ldap-auth@2.0.5
Package @immobiliarelabs/backstage-plugin-ldap-auth@3.0.2
Package @immobiliarelabs/backstage-plugin-ldap-auth@4.3.2
Package @immobiliarelabs/backstage-plugin-ldap-auth@5.2.1
Package @immobiliarelabs/backstage-plugin-ldap-auth-backend@1.1.3
Package @immobiliarelabs/backstage-plugin-ldap-auth-backend@2.0.5
Package @immobiliarelabs/backstage-plugin-ldap-auth-backend@3.0.2
Package @immobiliarelabs/backstage-plugin-ldap-auth-backend@4.3.2
Package @immobiliarelabs/backstage-plugin-ldap-auth-backend@5.2.1
SHA-512 k7pgy+wscfqx51fpf412doze6ksiythywzaxphu6pdv+r7jwnd98uc0nzgvfhf99nwWU4x56fkre/jH3Q7Xg==
Filename binding.gyp
GitHub Repo oven-sh/bun