Miasma worm

Attribution basis

These are the signal classes linking the members of this campaign — the broad evidence categories we use to attribute a package, not the raw indicators themselves.

• shared malware fingerprint
• OSV advisory cluster

Sample attributed packages

• nfets@0.0.116
• @otocolobus/node-icu-iana-from-windows@1.0.12
• @otocolobus/node-icu-iana-from-windows@1.0.8
• @otocolobus/node-icu-iana-from-windows@1.0.6
• autotel-subscribers@29.0.6
• autotel-eventcatalog@2.0.1
• autotel-mongoose@1.0.2
• autotel-mongoose@4.0.1
• autotel-mcp-instrumentation@29.0.2
• sharp@0.35.1
• @platformatic/rdkafka@4.0.0
• @platformatic/rdkafka@4.0.1
• sharp@0.35.1-rc.1
• sharp@0.35.1-rc.0
• @revizly/sharp@0.35.0-revizly36
• rclnodejs@1.9.0
• rclnodejs@2.1.0-beta.0
• node-env-resolver-aws@10.0.1
• @venos-inc/venos@0.1.2
• executable-stories-cypress@6.1.1
• executable-stories-jest@6.1.1
• executable-stories-playwright@6.1.1
• executable-stories-vitest@4.0.1
• executable-stories-vitest@6.1.1
• node-libcurl@2.1.0
• node-libcurl@5.1.2
• node-libcurl@2.1.0-5
• nfets@0.0.115
• sharp@0.35.0
• @venos-inc/venos@0.1.1

PkgRadar attributes coordinated supply-chain campaigns and blocks their packages at the CI gate. Start free or see all tracked campaigns.