step-security · Crawled Jul 5, 2026
Multiple @immobiliarelabs Backstage Plugins Compromised on npm
25 IoCs
Read original article ↗
AI Summary
Multiple npm packages maintained by Immobiliare Labs were compromised on June 26, 2026, with malicious versions published across all major release lines simultaneously. The backdoored packages execute a credential-stealing payload during installation via a binding.gyp node-gyp hook, bypassing traditional postinstall detection. The payload harvests secrets from CI/CD environments, cloud providers, and package registries, and attempts persistence in AI coding assistant configurations. This activity is linked to the Miasma campaign, known for supply chain worm behavior and evasion techniques using the Bun runtime.
AI-extracted · verify before operational use
Indicators of Compromise 25 extracted
| Type | Value | Detail |
|---|---|---|
| Package | @immobiliarelabs/backstage-plugin-gitlab@1.0.1 | Details → |
| Package | @immobiliarelabs/backstage-plugin-gitlab@2.1.2 | Details → |
| Package | @immobiliarelabs/backstage-plugin-gitlab@3.0.3 | Details → |
| Package | @immobiliarelabs/backstage-plugin-gitlab@4.0.2 | Details → |
| Package | @immobiliarelabs/backstage-plugin-gitlab@5.2.1 | Details → |
| Package | @immobiliarelabs/backstage-plugin-gitlab@6.13.1 | Details → |
| Package | @immobiliarelabs/backstage-plugin-gitlab@7.0.2 | Details → |
| Package | @immobiliarelabs/backstage-plugin-gitlab-backend@3.0.3 | Details → |
| Package | @immobiliarelabs/backstage-plugin-gitlab-backend@4.0.2 | Details → |
| Package | @immobiliarelabs/backstage-plugin-gitlab-backend@5.2.1 | Details → |
| Package | @immobiliarelabs/backstage-plugin-gitlab-backend@6.13.1 | Details → |
| Package | @immobiliarelabs/backstage-plugin-gitlab-backend@7.0.2 | Details → |
| Package | @immobiliarelabs/backstage-plugin-ldap-auth@1.1.4 | Details → |
| Package | @immobiliarelabs/backstage-plugin-ldap-auth@2.0.5 | Details → |
| Package | @immobiliarelabs/backstage-plugin-ldap-auth@3.0.2 | Details → |
| Package | @immobiliarelabs/backstage-plugin-ldap-auth@4.3.2 | Details → |
| Package | @immobiliarelabs/backstage-plugin-ldap-auth@5.2.1 | Details → |
| Package | @immobiliarelabs/backstage-plugin-ldap-auth-backend@1.1.3 | Details → |
| Package | @immobiliarelabs/backstage-plugin-ldap-auth-backend@2.0.5 | Details → |
| Package | @immobiliarelabs/backstage-plugin-ldap-auth-backend@3.0.2 | Details → |
| Package | @immobiliarelabs/backstage-plugin-ldap-auth-backend@4.3.2 | Details → |
| Package | @immobiliarelabs/backstage-plugin-ldap-auth-backend@5.2.1 | Details → |
| SHA-512 | k7pgy+wscfqx51fpf412doze6ksiythywzaxphu6pdv+r7jwnd98uc0nzgvfhf99nwWU4x56fkre/jH3Q7Xg== | Details → |
| Filename | binding.gyp | Details → |
| GitHub Repo | oven-sh/bun | Details → |