socket-dev · Crawled Jul 5, 2026
Miasma Mini Shai-Hulud Hits ImmobiliareLabs npm Packages
71 IoCs
Read original article ↗
AI Summary
The Miasma Mini Shai-Hulud supply chain campaign has expanded to compromise legitimate @immobiliarelabs npm packages, specifically Backstage plugins for GitLab and LDAP authentication. Malicious versions were published on June 26, 2026, using a hidden root-level index.js to execute a multi-stage payload that steals developer and CI/CD secrets, including tokens, SSH keys, and cloud credentials. The attack leverages GitHub Actions deployment triggers and may have originated from a compromised third-party GitHub Action, codfish/semantic-release-action, enabling further propagation through poisoned workflows and exfiltration to attacker-controlled repositories.
AI-extracted · verify before operational use
Indicators of Compromise 71 extracted
| Type | Value | Detail |
|---|---|---|
| Package | @immobiliarelabs/backstage-plugin-gitlab@1.0.1 | Details → |
| Package | @immobiliarelabs/backstage-plugin-gitlab@2.1.2 | Details → |
| Package | @immobiliarelabs/backstage-plugin-gitlab@3.0.3 | Details → |
| Package | @immobiliarelabs/backstage-plugin-gitlab@4.0.2 | Details → |
| Package | @immobiliarelabs/backstage-plugin-gitlab@5.2.1 | Details → |
| Package | @immobiliarelabs/backstage-plugin-gitlab@6.13.1 | Details → |
| Package | @immobiliarelabs/backstage-plugin-gitlab@7.0.2 | Details → |
| Package | @immobiliarelabs/backstage-plugin-gitlab-backend@3.0.3 | Details → |
| Package | @immobiliarelabs/backstage-plugin-gitlab-backend@4.0.2 | Details → |
| Package | @immobiliarelabs/backstage-plugin-gitlab-backend@5.2.1 | Details → |
| Package | @immobiliarelabs/backstage-plugin-gitlab-backend@6.13.1 | Details → |
| Package | @immobiliarelabs/backstage-plugin-gitlab-backend@7.0.2 | Details → |
| Package | @immobiliarelabs/backstage-plugin-ldap-auth@1.1.4 | Details → |
| Package | @immobiliarelabs/backstage-plugin-ldap-auth@2.0.5 | Details → |
| Package | @immobiliarelabs/backstage-plugin-ldap-auth@3.0.2 | Details → |
| Package | @immobiliarelabs/backstage-plugin-ldap-auth@4.3.2 | Details → |
| Package | @immobiliarelabs/backstage-plugin-ldap-auth@5.2.1 | Details → |
| Package | @immobiliarelabs/backstage-plugin-ldap-auth-backend@1.1.3 | Details → |
| Package | @immobiliarelabs/backstage-plugin-ldap-auth-backend@2.0.5 | Details → |
| Package | @immobiliarelabs/backstage-plugin-ldap-auth-backend@3.0.2 | Details → |
| Package | @immobiliarelabs/backstage-plugin-ldap-auth-backend@4.3.2 | Details → |
| Package | @immobiliarelabs/backstage-plugin-ldap-auth-backend@5.2.1 | Details → |
| SHA-256 | dfcdec5f43cc8d127084a2ac4d66499f13bae7f49167e3291a6f1a70738772d1 | Details → |
| SHA-256 | 1e7b04a9a4a25eb7928821a5519b0a40f7afe0f6042a6860c918b62d369096ed | Details → |
| SHA-256 | 7a879ed69a8191df5c68535f6ac41b830577b698de943c66ff40e51482d90d79 | Details → |
| SHA-256 | 14253cd5b8acccbbacb5cd3bb0a099fb6b0aafe4d06d032e4070b3fb814677dd | Details → |
| SHA-256 | 2f6cbe3a79148bc247131c36cd12689c97166a9d141dd9d9466270b4c04c3e3e | Details → |
| SHA-256 | 8a71e7d9b6b1b6d3e7bee490e98b34595ceea207160fc7ed35e47f82160febbe | Details → |
| SHA-256 | 9df6bda43678708605dfaad35f02be8027e85e6aa38193704cf192f842f0d186 | Details → |
| SHA-256 | 2ffed3b58bc267c438c759cd03b3e890904f25bacd015608f888c302741cad29 | Details → |
| SHA-256 | 720571b83600cd61080a7779e7f44327e4df4974d4a01475439d2e59e11ab29f | Details → |
| SHA-256 | 60099babe48a48831262b40d4c5c1dd623726060da10c1e2f74f191c9c4cd81d | Details → |
| SHA-256 | 54086c0f23710ff45cb6bde498083d0a0098112aab9b0ef48e6e869a280f1b42 | Details → |
| SHA-256 | 3b24b47a66b17d39fbdb7deccc329342b18cec6feb967adbaf80e81a70ecc609 | Details → |
| SHA-256 | a09909e8981e17712ef38b363f94553e2f86b6c2abd6c87eada94d3d3aab937e | Details → |
| SHA-256 | 8746d49834ad938eebeaffd380b6302c94ab0b3258268c1a8c7e57ee7d5c11e1 | Details → |
| SHA-256 | 333f2e3753063447819a3c86cfc475fe4bd3f0a76c05262a61c3d18b50438bb5 | Details → |
| SHA-256 | 99eb789284fa62e3f956e81294247ae82f596ebf481c069ae45019ac4e879927 | Details → |
| SHA-256 | 869ffe5400477ce69bbfd5f51ddd0c40eacad9a83005956fb14787a5e1e98330 | Details → |
| SHA-256 | 7cd21d65d5a085d82d07275df9a66c6dfac4e13e43ea9ef44e84a3dd14ea1b3f | Details → |
| SHA-256 | 24c578c2573bf7a04f69c4762a36a87fd32746e9db4df16b2ad92f31fbdd0d50 | Details → |
| SHA-256 | ca89ece660251554b66f1e5e9874410d206e0f080da3039e1221f1c71d817395 | Details → |
| SHA-256 | 89c218ca407c2d92359b53a9e3b7b973a761dcf323d2fa1cc2dc12c13f27afaf | Details → |
| SHA-256 | ef89e81be6b9d81b9d4bc41dae5f10a7a68f33b17fd76affcf7dca2f5d50a843 | Details → |
| SHA-256 | cc00c23768bee76e2f297c1766a013a681efb519888545352cff96fc5cead035 | Details → |
| SHA-256 | 9d8ea3cefb942081a1409e842ddc541ccd65fb3e66a4f8dfe562ca8548dd09d9 | Details → |
| SHA-256 | d1db13a14db489531e11ccf700d7fd8701f61ad297ce02477e11acf194d3fed0 | Details → |
| SHA-256 | 8df5d46d91589e6a3ec8d87d6eea6c71fac103f9e10dff9b88c309c1e9129b07 | Details → |
| SHA-256 | 3667e7080c083563f6d05118d8b08f535b391fe2a5c0f98d5bd31f96257620f7 | Details → |
| SHA-256 | 63667208bcd2d307b307e6df43bf8960ccb7058333d00ba064ed53f180ec32ea | Details → |
| SHA-256 | 3809fd3a3a912abccaa7aa201880a2cfd194ae7f9dbdc747872cd045bcb3def5 | Details → |
| SHA-256 | 0ccd7c44a6352f295f65ffea21c2472566f9e73c4dd1028fe0b9971314b18de6 | Details → |
| SHA-256 | b38a73c365e5761fe0e7f25a391db3a264b1f2b4878a1c8cc127ba83d64e614c | Details → |
| SHA-256 | 0574f0bee78294a5f3495144ea6e05848c5fe8dcda11414e35c65aea46ce953b | Details → |
| SHA-256 | 441d834d8a97b3d76bd7a9ac73174a18c1add1bf80b21319c0cb2d5737782e83 | Details → |
| SHA-256 | cf46348e7a4beacc0b9600c9ece3bee140f344641e90d99c741bc54507423443 | Details → |
| SHA-256 | 8284d9bd16c9141d331d3b724f9d57ae2cae265bf326055e18d5cde4bb5985b7 | Details → |
| SHA-256 | d2aa3f9057c6f3295766aabed0a71a369353d6eb665049a45fd407fd55020fdb | Details → |
| SHA-256 | 7bc28ba4d33d010785a5289211ad6a0d968ec0abd56201d90d74921ad83d925d | Details → |
| SHA-256 | 8e83e3ece1a2a764a7c6fd78dd39cfb32cb38d22b7b3d92709cb5b87fa916403 | Details → |
| SHA-256 | ef01e18ccf618a8992ad0aa4eb7d804bbacf9f092d43d39237f283a9a289c9b9 | Details → |
| SHA-256 | b82f5f6f1d969ba8f32937a3d81306c631defa943b7cc7529e45a0003340ece5 | Details → |
| SHA-256 | b4f90f5515df39cf346bf436e284f2dae28c9341c035765d83d82a76c86922b7 | Details → |
| SHA-256 | 1623787aa0de7310a4585101212b41ae02d02801ebda5812395932392400c756 | Details → |
| SHA-256 | a16810f972f577f129f95f147e64aa4c70977035285d357a53958496c0531223 | Details → |
| SHA-256 | cf5d79494d8b1fdcb5480507eee8beeb2fcd69bcd9afcdc7dc1bcdda7461913e | Details → |
| SHA-256 | ef641e956f91d501b748085996303c96a64d67f63bfeef0dda175e5aa19cca90 | Details → |
| Filename | binding.gyp | Details → |
| GitHub Repo | codfish/semantic-release-action | Details → |
| GitHub User | simonecorsi | Details → |
| Registry User | services-admin-pearhealthlabs | Details → |