Miasma Worm Goes Open Source: What's Actually Inside It. Complete Analysis (thecybersecguru.com)

submitted 4 days ago by WPSteam@lemmy.world to c/cybersecurity@infosec.pub

1 comments fedilink hide all child comments

cross-posted from: https://lemmy.world/post/47960526

The Miasma supply chain worm just went open source. Here's an analysis of it... Initial observations - 5-layer obfuscation, GitHub-as-C2, AI tool config hijacking, dead-man switches, and a self-perpetuating PAT flywheel.

you are viewing a single comment's thread
view the rest of the comments

[-] wizzim@infosec.pub 1 points 4 days ago* (last edited 4 days ago)

Very interesting read! One thing I don't understand is this:

The ActionMutator targets custom GitHub Actions by force-pushing trojanized commits to their semver tags. Any downstream workflow that references uses: owner/action@v1 gets the compromised version next time it runs.

Does it mean we should not use Semver when referring to the actions? We should be using the action hash instead?

Or maybe the Semver with a version including the patch level?

this post was submitted on 09 Jun 2026

1 points (66.7% liked)

cybersecurity

6217 readers

87 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 3 years ago

MODERATORS

shellsharks@infosec.pub

tweedge@infosec.pub