Back to Intelligence

AsyncAPI npm Supply Chain Attack: Multi-Stage Loader Detection and Removal

SA
Security Arsenal Team
July 15, 2026
6 min read

Introduction

In July 2026, the JavaScript ecosystem faced a significant supply-chain attack targeting the popular @asyncapi namespace. Security researchers from OX Security, SafeDep, Socket, and StepSecurity identified four malicious npm packages designed to deliver a multi-stage compromised device network loader.

For defenders, this represents a critical breach of the software supply chain. Unlike simple typo-squatting attacks, these packages reside within a legitimate, widely-used namespace, increasing the likelihood of inadvertent installation in development and CI/CD environments. The payload—a multi-stage loader—indicates an intent to establish persistent control over infected devices, potentially for botnet operations or further lateral movement. Immediate action is required to identify and evict these artifacts from your environments.

Technical Analysis

Affected Products and Versions

The compromise is isolated to specific versions of packages within the @asyncapi namespace. The following versions are confirmed malicious and must be treated as compromised:

  • @asyncapi/generator-helpers version 1.1.1
  • @asyncapi/generator-components version 0.7.1
  • @asyncapi/generator version 3.3.1
  • @asyncapi/specs versions 6.11.2 and 6.11.2-alpha.1

Attack Chain and Mechanism

  1. Initial Compromise: Attackers likely compromised the maintainer's account or the publishing pipeline for the @asyncapi namespace, allowing them to publish malicious versions that overwrite legitimate version numbers (or publish new, unreviewed versions).

  2. Installation: When a developer or CI/CD pipeline runs npm install, the package manager retrieves the compromised tarball from the public npm registry.

  3. Execution: Upon installation, the malicious packages execute post-install scripts inherent to the Node.js ecosystem.

  4. Payload Delivery: The packages deliver a "multi-stage compromised device network loader." This suggests the initial script fetches a subsequent payload (Stage 2) from a remote command-and-control (C2) infrastructure, which then facilitates device compromise.

Exploitation Status

This is not a theoretical vulnerability. Active exploitation has been confirmed by multiple security firms. The malicious packages were available in the public registry and have likely been integrated into build pipelines globally.

Detection & Response

SIGMA Rules

The following Sigma rules detect the installation process of the specific malicious versions and the presence of the malicious package files on disk.

YAML
---
title: Suspicious Installation of Compromised AsyncAPI Packages
id: 8a2b3c4d-1e5f-4a6b-8c9d-0e1f2a3b4c5d
status: experimental
description: Detects the installation of specific compromised versions of @asyncapi packages via npm CLI.
references:
  - https://thehackernews.com/2026/07/compromised-asyncapi-npm-packages.html
author: Security Arsenal
date: 2026/07/15
tags:
  - attack.initial_access
  - attack.supply_chain
logsource:
  category: process_creation
  product: windows
  # Note: Adapt logsource.product to linux or macos if auditing unix build agents
detection:
  selection_npm:
    Image|endswith:
      - '\npm.cmd'
      - '\npm.exe'
      - '/npm'
  selection_cli:
    CommandLine|contains:
      - '@asyncapi/generator-helpers@1.1.1'
      - '@asyncapi/generator-components@0.7.1'
      - '@asyncapi/generator@3.3.1'
      - '@asyncapi/specs@6.11.2'
      - '@asyncapi/specs@6.11.2-alpha.1'
  condition: all of selection_*
falsepositives:
  - Legitimate testing of the specific compromised version for incident response purposes
level: critical
---
title: File System Presence of Compromised AsyncAPI Packages
id: 9b3c4d5e-2f6a-5b7c-9d0e-1f2a3b4c5d6e
status: experimental
description: Detects the presence of malicious package. files indicating the compromised AsyncAPI versions are installed on disk.
references:
  - https://thehackernews.com/2026/07/compromised-asyncapi-npm-packages.html
author: Security Arsenal
date: 2026/07/15
tags:
  - attack.persistence
  - attack.supply_chain
logsource:
  category: file_creation
  product: windows
detection:
  selection_path:
    TargetFilename|contains:
      - 'node_modules/@asyncapi/generator-helpers/package.'
      - 'node_modules/@asyncapi/generator-components/package.'
      - 'node_modules/@asyncapi/generator/package.'
      - 'node_modules/@asyncapi/specs/package.'
  selection_content:
    # Note: Content analysis requires specific telemetry (e.g., Sysmon streams or advanced EDR) not available in all logs. 
    # This section is conceptual for environments that capture file content hash on creation.
    # In practice, verify the 'version' field inside these specific files.
    TargetFilename|contains: 'package.'
  condition: selection_path
falsepositives:
  - Installation of non-malicious versions (verify specific version strings in the file)
level: high

KQL (Microsoft Sentinel / Defender)

Use this query to hunt for process execution events indicating the installation of these malicious artifacts across your environment.

KQL — Microsoft Sentinel / Defender
// Hunt for npm install commands involving compromised AsyncAPI versions
DeviceProcessEvents
| where Timestamp >= datetime(2026-07-01)
| where ProcessVersionInfoOriginalFileName in ("npm.exe", "node.exe") 
   or FileName in ("npm", "node")
| extend ParsedCommandLine = parse_command_line(CommandLine, "windows")
| where CommandLine has_any("@asyncapi/generator-helpers", "@asyncapi/generator-components", "@asyncapi/generator", "@asyncapi/specs")
| where CommandLine has_any("@1.1.1", "@0.7.1", "@3.3.1", "@6.11.2")
| project Timestamp, DeviceName, AccountName, InitiatingProcessAccountName, CommandLine, FolderPath
| order by Timestamp desc

Velociraptor VQL

This artifact hunts for the specific package files on disk to determine if the compromised versions have been extracted into node_modules directories.

VQL — Velociraptor
-- Hunt for compromised AsyncAPI package. files
SELECT FullPath, Mtime, Size,
       read_file(filename=FullPath + "/package.") AS Content
FROM glob(globs="*/node_modules/@asyncapi/*/package.")
WHERE -- Check if the package path matches the specific compromised packages
  FullPath =~ "generator-helpers" OR 
  FullPath =~ "generator-components" OR 
  FullPath =~ "@asyncapi/generator" OR 
  FullPath =~ "specs"
  -- Note: Further parsing of Content JSON for specific version strings required

Remediation Script (Bash)

Run this script in your project root directories to identify if package-lock. specifies the compromised versions. This assumes a Linux/macOS or Git Bash environment.

Bash / Shell
#!/bin/bash

# Array of compromised packages and versions
# Format: "package_name:version"
COMPROMISED=(
  "@asyncapi/generator-helpers:1.1.1"
  "@asyncapi/generator-components:0.7.1"
  "@asyncapi/generator:3.3.1"
  "@asyncapi/specs:6.11.2"
  "@asyncapi/specs:6.11.2-alpha.1"
)

echo "Checking for compromised AsyncAPI packages in package-lock...."

FOUND=0

for item in "${COMPROMISED[@]}"; do
  PACKAGE="${item%%:*}"
  VERSION="${item##*:}"
  
  # Grep for the package and version in package-lock.
  if grep -q "\"$PACKAGE\"" package-lock. && grep -q "\"$VERSION\"" package-lock.; then
    echo "[!] COMPROMISED PACKAGE FOUND: $PACKAGE@$VERSION"
    FOUND=1
  fi
done

if [ $FOUND -eq 0 ]; then
  echo "[-] No compromised package versions found in package-lock.."
  echo "[!] Note: You must still verify node_modules if lock file integrity is uncertain."
else
  echo "[!] ACTION REQUIRED: Audit the project immediately and rebuild using clean dependencies."
  echo " Recommended action: npm ci or rm -rf node_modules package-lock. && npm install"
fi

Remediation

  1. Immediate Identification: Audit all package. and package-lock. files in your source code repositories for the versions listed above.

  2. Removal and Reversion:

    • Remove the compromised versions: npm uninstall @asyncapi/generator-helpers @asyncapi/generator-components @asyncapi/generator @asyncapi/specs
    • Reinstall the latest verified safe versions. As of July 2026, consult the official AsyncAPI GitHub or npm registry for the latest secure release. Do not simply pin to a previous version without verifying its integrity.
    • Alternatively, force a clean install: Delete node_modules and package-lock., then run npm install (assuming your package. defines safe version ranges).
  3. Environment Sanitization: If these packages were executed in a CI/CD pipeline or a developer workstation, treat the host as potentially compromised.

    • Rotate any credentials (API keys, tokens) stored in environment variables accessible to the build process.
    • Scan the environment for the multi-stage loader payload using updated EDR signatures.
  4. Vendor Advisory: Refer to the official security advisories released by AsyncAPI and the analysis reports by OX Security and Socket for IOCs (Indicators of Compromise) related to the C2 infrastructure used by the loader.

Related Resources

Security Arsenal Penetration Testing Services AlertMonitor Platform Book a SOC Assessment vulnerability-management Intel Hub

sigma-rulekql-detectionthreat-huntingdetection-engineeringsiem-detectionsupply-chainnpmasyncapimalwaredevsecops

Is your security operations ready?

Get a free SOC assessment or see how AlertMonitor cuts through alert noise with automated triage.