On June 1, 2026 at 11:15 UTC, security researcher sailikhith-stepsecurity from StepSecurity discovered 31 compromised npm packages under the @redhat-cloud-services/ scope containing credential-stealing malware. The attack targeted Red Hat's CI/CD infrastructure through GitHub Actions OIDC, representing a sophisticated supply chain attack vector that compromised the build pipeline rather than individual developer accounts.
Attackers Compromised GitHub Actions OIDC Pipeline Rather Than Developer Credentials
The compromised packages were published via GitHub Actions OIDC (OpenID Connect) from the RedHatInsights/javascript-clients repository, indicating the CI/CD pipeline itself was breached. This attack method is more sophisticated than traditional credential theft, as it targets the automated build infrastructure that publishes packages. The malware showed similarities to the Mini Shai-Hulud malware recently open-sourced by TeamPCP.
Each compromised package declared a preinstall script in package.json that executed 'node index.js' automatically during npm install, before any application code runs. The malicious index.js file measured 4.2 MB and was hidden behind multiple layers of obfuscation to evade detection.
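The preinstall mechanism described above is worth checking for in any dependency tree. The following audit routine is an added example written for this page, not code from StepSecurity, Red Hat, or the affected repository. It walks a set of package.json manifests (constructed here; in practice read from each node_modules/<name>/package.json), reports every install-time lifecycle hook, and flags those that launch node on a file shipped inside the package, which is the shape of the 'node index.js' hook in the incident. The package names, versions and scope watchlist in the sample are placeholders, not the list of compromised releases.

```javascript
// Added example: audit package.json manifests for npm lifecycle hooks that run
// automatically when a dependency is installed. Manifests here are constructed
// for the example; names and versions are placeholders, not real releases.

// Hooks npm runs while installing a dependency, before any application code loads.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Matches a hook that executes a JavaScript file from the package itself,
// e.g. "node index.js"; a native build step such as "node-gyp rebuild" does not match.
const RUNS_PACKAGE_FILE = /\bnode\s+(\.\/)?[\w.-]+\.(c|m)?js\b/;

// Return one finding per (package, hook) pair found in the manifests.
// `runsPackageFile` marks hooks that launch a file shipped in the package;
// `inWatchedScope` marks packages under a scope the reviewer is tracking.
function findInstallScripts(manifests, watchedScopes = []) {
  const findings = [];
  for (const { name, version, scripts = {} } of manifests) {
    const scope = name.startsWith("@") ? name.split("/")[0] : null;
    for (const hook of INSTALL_HOOKS) {
      const command = scripts[hook];
      if (!command) continue;
      findings.push({
        name,
        version,
        hook,
        command,
        runsPackageFile: RUNS_PACKAGE_FILE.test(command),
        inWatchedScope: scope !== null && watchedScopes.includes(scope),
      });
    }
  }
  return findings;
}

// Only the findings a reviewer should look at first.
function highRiskFindings(manifests, watchedScopes = []) {
  return findInstallScripts(manifests, watchedScopes).filter(
    (f) => f.runsPackageFile || f.inWatchedScope
  );
}

// Constructed sample manifests (placeholders, not real package contents).
const SAMPLE_MANIFESTS = [
  {
    name: "@redhat-cloud-services/example-client", // placeholder package name
    version: "0.0.0-example",
    scripts: { preinstall: "node index.js", test: "jest" },
  },
  {
    name: "native-addon-example",
    version: "1.0.0",
    scripts: { install: "node-gyp rebuild" },
  },
  {
    name: "plain-library",
    version: "2.3.4",
    scripts: { build: "tsc", test: "mocha" },
  },
];

// Print a short report when run directly with node.
if (typeof require !== "undefined" && require.main === module) {
  for (const f of findInstallScripts(SAMPLE_MANIFESTS, ["@redhat-cloud-services"])) {
    const tag = f.runsPackageFile ? "HIGH" : "info";
    console.log(`${tag} ${f.name}@${f.version} ${f.hook}: ${f.command}`);
  }
}
```

A complementary control is to stop npm from running these hooks at all: setting ignore-scripts=true in the project's .npmrc (or passing --ignore-scripts to npm install) prevents preinstall, install and postinstall scripts from executing, so a payload delivered this way never runs; packages that genuinely need a build step then have to be handled explicitly.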
Malware Performed Comprehensive Credential Sweep Across Multiple Cloud Platforms
The malicious payload conducted an extensive sweep targeting credentials from multiple sources:
- GitHub Actions secrets including GITHUB_TOKEN and ACTIONS_RUNTIME_TOKEN
- AWS access keys and session tokens
- GCP application default credentials and service account key files
- Azure service principal credentials and managed identity tokens
- HashiCorp Vault tokens
- Kubernetes service account tokens and kubeconfig files
- npm and PyPI publish tokens
- SSH private keys, Docker registry credentials, and GPG keys
31 Packages Affected Including Core Frontend Components and Client Libraries
Affected packages included critical Red Hat infrastructure components: chrome, compliance-client, config-manager-client, entitlements-client, eight separate frontend-components packages (notifications, remediations, config), three MCP integrations (hcc-feo-mcp, hcc-kessel-mcp, hcc-pf-mcp), and 11 additional client libraries including RBAC, patch, sources, and topological-inventory clients. Compromised versions ranged from 0.3.1 to 9.0.3.
The GitHub issue tracking the incident (#492) received 31 thumbs-up reactions, and 26 users subscribed to notifications on it. As of June 1, 14:51 UTC, no formal Red Hat response had been posted. Security researchers noted that Red Hat's engineering practice of version pinning prevented the compromised versions from entering production systems.
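The version pinning credited above with keeping the compromised releases out of production is a checkable property. The routine below is an added example written for this page (not Red Hat's or StepSecurity's tooling) that audits a package.json manifest against a package-lock.json in the lockfile v3 layout written by npm 7 and later: it reports dependencies declared with a floating range, lockfile entries without an integrity hash, and pinned dependencies whose locked version has drifted from the pin. The manifest, lockfile, package names and hashes are constructed placeholders.

```javascript
// Added example: verify that dependencies are pinned to exact versions and
// that the lockfile records an integrity hash for each of them. Inputs are
// constructed for the example; real projects would parse package.json and
// package-lock.json from disk. Names, versions and hashes are placeholders.

// An exact semver version (optionally with a prerelease tag); anything with
// ^, ~, comparison operators, wildcards or a dist-tag is a floating range.
function isExactVersion(range) {
  return /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/.test(range);
}

// Audit every dependency in the manifest. Each problem carries `watched`
// so that packages in a scope under investigation can be prioritised.
function auditPins(manifest, lockfile, watchedScopes = []) {
  const problems = [];
  const deps = { ...(manifest.dependencies || {}), ...(manifest.devDependencies || {}) };
  const locked = lockfile.packages || {};
  for (const [name, range] of Object.entries(deps)) {
    const scope = name.startsWith("@") ? name.split("/")[0] : null;
    const watched = scope !== null && watchedScopes.includes(scope);
    const pinned = isExactVersion(range);
    if (!pinned) problems.push({ name, issue: "unpinned", detail: range, watched });
    const entry = locked[`node_modules/${name}`];
    if (!entry) {
      problems.push({ name, issue: "missing-from-lockfile", detail: range, watched });
      continue;
    }
    if (!entry.integrity) {
      problems.push({ name, issue: "no-integrity", detail: entry.version, watched });
    }
    if (pinned && entry.version !== range) {
      problems.push({ name, issue: "lock-drift", detail: `${range} -> ${entry.version}`, watched });
    }
  }
  return problems;
}

// Constructed sample inputs (placeholders, not real packages or hashes).
const SAMPLE_MANIFEST = {
  dependencies: {
    "@redhat-cloud-services/example-client": "1.2.3", // pinned
    "@redhat-cloud-services/other-client": "^1.0.0", // floating range
    "left-pad-example": "1.0.0", // pinned, but lockfile drifted below
  },
};
const SAMPLE_LOCKFILE = {
  lockfileVersion: 3,
  packages: {
    "node_modules/@redhat-cloud-services/example-client": {
      version: "1.2.3",
      integrity: "sha512-PLACEHOLDER-A",
    },
    "node_modules/@redhat-cloud-services/other-client": {
      version: "1.4.0", // no integrity field recorded
    },
    "node_modules/left-pad-example": {
      version: "1.0.1",
      integrity: "sha512-PLACEHOLDER-B",
    },
  },
};

// Print the findings when run directly with node.
if (typeof require !== "undefined" && require.main === module) {
  for (const p of auditPins(SAMPLE_MANIFEST, SAMPLE_LOCKFILE, ["@redhat-cloud-services"])) {
    console.log(`${p.watched ? "WATCHED" : "       "} ${p.name}: ${p.issue} (${p.detail})`);
  }
}
```

In CI, pairing this check with npm ci rather than npm install adds a second guard: npm ci installs only what the lockfile records and aborts when package.json and package-lock.json disagree, so a freshly published version cannot be pulled in without a reviewed lockfile change.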
Key Takeaways
- Security researcher discovered 31 compromised Red Hat npm packages on June 1, 2026 at 11:15 UTC containing credential-stealing malware
- Attackers compromised GitHub Actions OIDC pipeline rather than stealing individual developer credentials, representing a more sophisticated supply chain attack
- Malware executed automatically via preinstall scripts and targeted credentials across GitHub, AWS, GCP, Azure, Kubernetes, and multiple other platforms
- Affected packages included core Red Hat infrastructure components with versions ranging from 0.3.1 to 9.0.3
- Red Hat's version pinning practices prevented compromised packages from entering production systems despite the breach