Introduction
In July 2026, the JavaScript ecosystem faced a significant supply-chain attack targeting the popular @asyncapi namespace. Security researchers from OX Security, SafeDep, Socket, and StepSecurity identified four malicious npm packages designed to deliver a multi-stage compromised device network loader.
For defenders, this represents a critical breach of the software supply chain. Unlike simple typo-squatting attacks, these packages reside within a legitimate, widely-used namespace, increasing the likelihood of inadvertent installation in development and CI/CD environments. The payload—a multi-stage loader—indicates an intent to establish persistent control over infected devices, potentially for botnet operations or further lateral movement. Immediate action is required to identify and evict these artifacts from your environments.
Technical Analysis
Affected Products and Versions
The compromise is isolated to specific versions of packages within the @asyncapi namespace. The following versions are confirmed malicious and must be treated as compromised:
@asyncapi/generator-helpersversion1.1.1@asyncapi/generator-componentsversion0.7.1@asyncapi/generatorversion3.3.1@asyncapi/specsversions6.11.2and6.11.2-alpha.1
Attack Chain and Mechanism
-
Initial Compromise: Attackers likely compromised the maintainer's account or the publishing pipeline for the
@asyncapinamespace, allowing them to publish malicious versions that overwrite legitimate version numbers (or publish new, unreviewed versions). -
Installation: When a developer or CI/CD pipeline runs
npm install, the package manager retrieves the compromised tarball from the public npm registry. -
Execution: Upon installation, the malicious packages execute post-install scripts inherent to the Node.js ecosystem.
-
Payload Delivery: The packages deliver a "multi-stage compromised device network loader." This suggests the initial script fetches a subsequent payload (Stage 2) from a remote command-and-control (C2) infrastructure, which then facilitates device compromise.
Exploitation Status
This is not a theoretical vulnerability. Active exploitation has been confirmed by multiple security firms. The malicious packages were available in the public registry and have likely been integrated into build pipelines globally.
Detection & Response
SIGMA Rules
The following Sigma rules detect the installation process of the specific malicious versions and the presence of the malicious package files on disk.
---
title: Suspicious Installation of Compromised AsyncAPI Packages
id: 8a2b3c4d-1e5f-4a6b-8c9d-0e1f2a3b4c5d
status: experimental
description: Detects the installation of specific compromised versions of @asyncapi packages via npm CLI.
references:
- https://thehackernews.com/2026/07/compromised-asyncapi-npm-packages.html
author: Security Arsenal
date: 2026/07/15
tags:
- attack.initial_access
- attack.supply_chain
logsource:
category: process_creation
product: windows
# Note: Adapt logsource.product to linux or macos if auditing unix build agents
detection:
selection_npm:
Image|endswith:
- '\npm.cmd'
- '\npm.exe'
- '/npm'
selection_cli:
CommandLine|contains:
- '@asyncapi/generator-helpers@1.1.1'
- '@asyncapi/generator-components@0.7.1'
- '@asyncapi/generator@3.3.1'
- '@asyncapi/specs@6.11.2'
- '@asyncapi/specs@6.11.2-alpha.1'
condition: all of selection_*
falsepositives:
- Legitimate testing of the specific compromised version for incident response purposes
level: critical
---
title: File System Presence of Compromised AsyncAPI Packages
id: 9b3c4d5e-2f6a-5b7c-9d0e-1f2a3b4c5d6e
status: experimental
description: Detects the presence of malicious package. files indicating the compromised AsyncAPI versions are installed on disk.
references:
- https://thehackernews.com/2026/07/compromised-asyncapi-npm-packages.html
author: Security Arsenal
date: 2026/07/15
tags:
- attack.persistence
- attack.supply_chain
logsource:
category: file_creation
product: windows
detection:
selection_path:
TargetFilename|contains:
- 'node_modules/@asyncapi/generator-helpers/package.'
- 'node_modules/@asyncapi/generator-components/package.'
- 'node_modules/@asyncapi/generator/package.'
- 'node_modules/@asyncapi/specs/package.'
selection_content:
# Note: Content analysis requires specific telemetry (e.g., Sysmon streams or advanced EDR) not available in all logs.
# This section is conceptual for environments that capture file content hash on creation.
# In practice, verify the 'version' field inside these specific files.
TargetFilename|contains: 'package.'
condition: selection_path
falsepositives:
- Installation of non-malicious versions (verify specific version strings in the file)
level: high
KQL (Microsoft Sentinel / Defender)
Use this query to hunt for process execution events indicating the installation of these malicious artifacts across your environment.
// Hunt for npm install commands involving compromised AsyncAPI versions
DeviceProcessEvents
| where Timestamp >= datetime(2026-07-01)
| where ProcessVersionInfoOriginalFileName in ("npm.exe", "node.exe")
or FileName in ("npm", "node")
| extend ParsedCommandLine = parse_command_line(CommandLine, "windows")
| where CommandLine has_any("@asyncapi/generator-helpers", "@asyncapi/generator-components", "@asyncapi/generator", "@asyncapi/specs")
| where CommandLine has_any("@1.1.1", "@0.7.1", "@3.3.1", "@6.11.2")
| project Timestamp, DeviceName, AccountName, InitiatingProcessAccountName, CommandLine, FolderPath
| order by Timestamp desc
Velociraptor VQL
This artifact hunts for the specific package files on disk to determine if the compromised versions have been extracted into node_modules directories.
-- Hunt for compromised AsyncAPI package. files
SELECT FullPath, Mtime, Size,
read_file(filename=FullPath + "/package.") AS Content
FROM glob(globs="*/node_modules/@asyncapi/*/package.")
WHERE -- Check if the package path matches the specific compromised packages
FullPath =~ "generator-helpers" OR
FullPath =~ "generator-components" OR
FullPath =~ "@asyncapi/generator" OR
FullPath =~ "specs"
-- Note: Further parsing of Content JSON for specific version strings required
Remediation Script (Bash)
Run this script in your project root directories to identify if package-lock. specifies the compromised versions. This assumes a Linux/macOS or Git Bash environment.
#!/bin/bash
# Array of compromised packages and versions
# Format: "package_name:version"
COMPROMISED=(
"@asyncapi/generator-helpers:1.1.1"
"@asyncapi/generator-components:0.7.1"
"@asyncapi/generator:3.3.1"
"@asyncapi/specs:6.11.2"
"@asyncapi/specs:6.11.2-alpha.1"
)
echo "Checking for compromised AsyncAPI packages in package-lock...."
FOUND=0
for item in "${COMPROMISED[@]}"; do
PACKAGE="${item%%:*}"
VERSION="${item##*:}"
# Grep for the package and version in package-lock.
if grep -q "\"$PACKAGE\"" package-lock. && grep -q "\"$VERSION\"" package-lock.; then
echo "[!] COMPROMISED PACKAGE FOUND: $PACKAGE@$VERSION"
FOUND=1
fi
done
if [ $FOUND -eq 0 ]; then
echo "[-] No compromised package versions found in package-lock.."
echo "[!] Note: You must still verify node_modules if lock file integrity is uncertain."
else
echo "[!] ACTION REQUIRED: Audit the project immediately and rebuild using clean dependencies."
echo " Recommended action: npm ci or rm -rf node_modules package-lock. && npm install"
fi
Remediation
-
Immediate Identification: Audit all
package.andpackage-lock.files in your source code repositories for the versions listed above. -
Removal and Reversion:
- Remove the compromised versions:
npm uninstall @asyncapi/generator-helpers @asyncapi/generator-components @asyncapi/generator @asyncapi/specs - Reinstall the latest verified safe versions. As of July 2026, consult the official AsyncAPI GitHub or npm registry for the latest secure release. Do not simply pin to a previous version without verifying its integrity.
- Alternatively, force a clean install: Delete
node_modulesandpackage-lock., then runnpm install(assuming yourpackage.defines safe version ranges).
- Remove the compromised versions:
-
Environment Sanitization: If these packages were executed in a CI/CD pipeline or a developer workstation, treat the host as potentially compromised.
- Rotate any credentials (API keys, tokens) stored in environment variables accessible to the build process.
- Scan the environment for the multi-stage loader payload using updated EDR signatures.
-
Vendor Advisory: Refer to the official security advisories released by AsyncAPI and the analysis reports by OX Security and Socket for IOCs (Indicators of Compromise) related to the C2 infrastructure used by the loader.
Related Resources
Security Arsenal Penetration Testing Services AlertMonitor Platform Book a SOC Assessment vulnerability-management Intel Hub
Is your security operations ready?
Get a free SOC assessment or see how AlertMonitor cuts through alert noise with automated triage.