Azure/durabletask repository compromised
On June 5, 2026, the Microsoft-owned Azure/durabletask repository was compromised through a malicious commit titled “Switched DataConverter to OrchestrationContext [skip ci]”, with its metadata altered so that the commit date displayed as March 9, 2020.
The malicious commit added a heavily obfuscated “setup.js” file, settings files containing LLM hooks for Claude and Gemini, and a workspace tasks file for Visual Studio Code, all designed to execute the JavaScript file with node.
The durabletask repository has since been taken down from GitHub in response to this compromise.

Payloads executed the moment repository was opened
On June 5, 2026, at 16:00:50 UTC, Microsoft responded through automated GitHub Actions, disabling 73 repositories across multiple Microsoft-owned GitHub organizations to prevent further damage.
This campaign’s TTPs have shaken the current landscape of supply chain compromises and raised the impact of such attacks. The malicious commit contained payloads that executed the moment developers opened the repository in their development tool of choice. Prior campaigns relied on a malicious package being installed; that step has been skipped entirely.
Beyond the execution method, this variant includes several changes that previous sightings of Miasma did not. The most obvious is the marker used to identify the exfiltration repositories the malware creates. Previous campaigns used phrases such as “Shai Hulud: Here We Go Again” and its reverse “niagA oG eW ereH :duluH iahS”. This marker string leaves Dune terminology behind:
Hades: The End for the Damned
The campaign explicitly targets StepSecurity’s Harden-Runner by searching for associated container names and StepSecurity domains.
This behavior suggests an effort to disable, evade, or interfere with sandboxing and security controls. By identifying Harden-Runner components, the malware can reduce the likelihood that its malicious actions will be logged, blocked, or alerted on, increasing its chances of operating undetected in developer CI/CD environments.

Three different GitHub API queries search for commits and their contents. The first query searches for the keyword “thebeautifulmarchoftime”:
api.github.com/search/commits?q=thebeautifulmarchoftime
If a commit is returned, its message is also parsed for a second keyword, a URL and a signature:
thebeautifulsnadsoftime ([A-Za-z0-9+/=]{1,30})\.([A-Za-z0-9+/=]{1,700})
If the signature verifies against an embedded public key, the provided URL is fetched and the payload it returns is executed.
The second commit search is used to validate a token new to this campaign, named IfYouYankThisTokenItWillNukeTheComputerOfTheOwnerFully. If this token is rejected, a command is executed that deletes the home directory and Documents folder of the compromised user:
rm -rf ~/; rm -rf ~/Documents
The final commit search is performed by a final-stage payload named updater.py, which provides local persistence and loops every hour searching for commits matching firedalazer.
If a commit is located whose signature verifies against its own embedded public key, the provided URL is downloaded and executed. Other than the new token name, these three queries are identical to those the previous campaign used to compromise RedHat npm packages.
Secrets and data exfiltrated from GitHub, AWS, Azure, and GCP
Consistent with the TTPs of every campaign observed so far, exfiltration is an integral part of the attack chain. The malicious payload exfiltrated secrets and sensitive information from a number of platforms, including GCP, GitHub, AWS, and Azure, enabling further spread and compromise.
The exfiltration URL is constructed from GitHub repositories named according to the following nomenclature:
Adjective repo name list:
- stygian
- tartarean
- erebean
- infernal
- chthonic
- Acheronian
- Lethean
- Plutonian
- Abyssal
- Charonian
- Thanatic
- Funereal
- Nekyian
- Sepulchral
- Tenebrous
- Cimmerian
Noun repo name list:
- Cerberus
- Charon
- tartarus
- erebus
- asphodel
- Acheron
- styx
- lethe
- Cocytus
- phlegethon
- shade
- eidolon
- wraith
- Thanatos
- Hecate
- Persephone

Each of these repositories contains a README.md file and a results folder. The README.md holds the repository marker Hades * The End for the Damned. The results folder holds a results-#.JSON file containing the exfiltrated data in envelope-and-key format.
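The commit-search markers described earlier and the repository naming scheme above are both things an organization admin can sweep for. The following is an added example, not code from the post or from Microsoft: a Go triage routine that flags repository names built from the Hades adjective and noun lists, and READMEs or commit messages that contain any of the marker strings quoted in this post. The Repo input shape, the assumption that adjective and noun are joined with an optional "-" or "_" and an optional numeric suffix, and the sample repositories are all constructed for the example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Marker strings quoted in the post. Both spellings of the Hades README
// marker are included because the post itself shows both.
var markerStrings = []string{
	"Hades: The End for the Damned",
	"Hades * The End for the Damned",
	"thebeautifulmarchoftime",
	"thebeautifulsnadsoftime",
	"firedalazer",
	"IfYouYankThisTokenItWillNukeTheComputerOfTheOwnerFully",
}

// Adjective and noun lists from the post, lower-cased for case-insensitive matching.
var hadesAdjectives = []string{"stygian", "tartarean", "erebean", "infernal", "chthonic",
	"acheronian", "lethean", "plutonian", "abyssal", "charonian", "thanatic", "funereal",
	"nekyian", "sepulchral", "tenebrous", "cimmerian"}
var hadesNouns = []string{"cerberus", "charon", "tartarus", "erebus", "asphodel", "acheron",
	"styx", "lethe", "cocytus", "phlegethon", "shade", "eidolon", "wraith", "thanatos",
	"hecate", "persephone"}

// ASSUMPTION: the post does not say how adjective and noun are joined, so an
// optional "-" or "_" separator and an optional numeric suffix are accepted.
var hadesRepoRe = regexp.MustCompile(`(?i)^(` + strings.Join(hadesAdjectives, "|") +
	`)[-_]?(` + strings.Join(hadesNouns, "|") + `)[-_]?\d*$`)

// IsHadesRepoName reports whether a repository name follows the adjective+noun scheme.
func IsHadesRepoName(name string) bool { return hadesRepoRe.MatchString(name) }

// FindMarkers returns every known marker string that occurs in text (case-insensitive).
func FindMarkers(text string) []string {
	var hits []string
	lower := strings.ToLower(text)
	for _, m := range markerStrings {
		if strings.Contains(lower, strings.ToLower(m)) {
			hits = append(hits, m)
		}
	}
	return hits
}

// Repo is the minimal view of a repository that an org-level sweep would fetch.
type Repo struct {
	Name, README string
	Commits      []string // commit messages, oldest first
}

// Triage returns one human-readable finding per indicator observed in a repository.
func Triage(repos []Repo) []string {
	var findings []string
	for _, r := range repos {
		if IsHadesRepoName(r.Name) {
			findings = append(findings, r.Name+": name matches Hades adjective+noun pattern")
		}
		for _, m := range FindMarkers(r.README) {
			findings = append(findings, r.Name+": README contains marker "+m)
		}
		for i, c := range r.Commits {
			for _, m := range FindMarkers(c) {
				findings = append(findings, fmt.Sprintf("%s: commit %d contains marker %q", r.Name, i, m))
			}
		}
	}
	return findings
}

// SampleRepos is constructed test data, not real repositories.
func SampleRepos() []Repo {
	return []Repo{
		{Name: "stygian-cerberus", README: "Hades * The End for the Damned", Commits: []string{"init"}},
		{Name: "payments-api", README: "# payments", Commits: []string{"fix typo", "thebeautifulmarchoftime abc.def"}},
		{Name: "infernal", README: "", Commits: nil}, // adjective alone is not a match
	}
}

func main() {
	for _, f := range Triage(SampleRepos()) {
		fmt.Println(f)
	}
}
```

Run against an export of an organization's repository list and recent commit messages, the routine yields three findings on the sample data: the repository name match, the README marker, and the marker inside the second commit message of payments-api. A repository that is only an adjective (infernal) is deliberately not flagged, since the post describes names built from both lists.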

Attackers accomplish this form of exfiltration by:
- Serializing the exfiltrated data as JSON to standardize its contents.
- Compressing the data with GZip.
- Generating a random AES key and nonce.
- Encrypting the compressed data (the envelope) with AES-256-GCM.
- Wrapping the AES key with RSA, so that the private key is needed for decryption.
- Returning the Base64 encoding of both the envelope and the wrapped key.
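The six steps above are a standard hybrid (envelope) encryption scheme. As an added example, not taken from the malware or from any vendor, here is that scheme in Go in both directions, so a responder can see exactly what the envelope and key fields of a results file contain and why the data cannot be recovered without the RSA private key. RSA-OAEP with SHA-256, the nonce-prefixed ciphertext layout, the JSON field names, and the sample record are assumptions; the post only says "RSA" and "nonce".

```go
package main

import (
	"bytes"
	"compress/gzip"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"io"
)

// Results is one entry of results-#.JSON as the post describes it: a Base64
// envelope and a Base64 wrapped key. The field names are an assumption.
type Results struct {
	Envelope string `json:"envelope"` // base64(nonce || AES-256-GCM(gzip(JSON)))
	Key      string `json:"key"`      // base64(RSA-OAEP(aesKey))
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal follows the six steps from the post. RSA-OAEP/SHA-256 and the
// nonce-prefix layout are assumptions made for this example.
func Seal(secrets map[string]string, pub *rsa.PublicKey) (Results, error) {
	plain, err := json.Marshal(secrets) // 1. serialize as JSON
	if err != nil { return Results{}, err }
	var zbuf bytes.Buffer // 2. gzip
	zw := gzip.NewWriter(&zbuf)
	if _, err := zw.Write(plain); err != nil { return Results{}, err }
	if err := zw.Close(); err != nil { return Results{}, err }
	key := make([]byte, 32) // 3. random AES-256 key and nonce
	if _, err := io.ReadFull(rand.Reader, key); err != nil { return Results{}, err }
	gcm, err := newGCM(key)
	if err != nil { return Results{}, err }
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil { return Results{}, err }
	ct := gcm.Seal(nonce, nonce, zbuf.Bytes(), nil) // 4. AES-256-GCM, nonce prefixed
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil) // 5. wrap key
	if err != nil { return Results{}, err }
	return Results{ // 6. Base64 both parts
		Envelope: base64.StdEncoding.EncodeToString(ct),
		Key:      base64.StdEncoding.EncodeToString(wrapped),
	}, nil
}

// Open reverses Seal. Only the holder of the RSA private key can do this, which is
// why a recovered results file cannot be read by the responder who finds it.
func Open(r Results, priv *rsa.PrivateKey) (map[string]string, error) {
	ct, err := base64.StdEncoding.DecodeString(r.Envelope)
	if err != nil { return nil, err }
	wrapped, err := base64.StdEncoding.DecodeString(r.Key)
	if err != nil { return nil, err }
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, wrapped, nil)
	if err != nil { return nil, err }
	gcm, err := newGCM(key)
	if err != nil { return nil, err }
	ns := gcm.NonceSize()
	if len(ct) < ns { return nil, errors.New("envelope shorter than nonce") }
	z, err := gcm.Open(nil, ct[:ns], ct[ns:], nil) // GCM tag check fails on any tampering
	if err != nil { return nil, err }
	zr, err := gzip.NewReader(bytes.NewReader(z))
	if err != nil { return nil, err }
	plain, err := io.ReadAll(zr)
	if err != nil { return nil, err }
	var out map[string]string
	return out, json.Unmarshal(plain, &out)
}

// DemoRoundTrip seals a constructed record with a fresh key pair and opens it again.
func DemoRoundTrip() (map[string]string, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return nil, err }
	sample := map[string]string{"AWS_ACCESS_KEY_ID": "AKIA-CONSTRUCTED-EXAMPLE", "host": "build-agent-01"}
	r, err := Seal(sample, &priv.PublicKey)
	if err != nil { return nil, err }
	return Open(r, priv)
}
```

The practical consequence for incident response is in Open: with the public key alone there is no path to the plaintext, and the GCM tag means even a partial guess at the contents cannot be confirmed by tampering. Triage of a recovered results file is therefore limited to metadata (timestamps, sizes, which repository received it), which is why the mitigations focus on credential rotation rather than on decoding what was taken.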

Mitigations for Miasma worm
- Identify affected systems, killing any active or persistent systemd processes.
- Check for evidence of execution or payload artifacts: search for /tmp/managed.pyz, pgsql-monitor.service, and ~/.cache/.sys-update-check.
- Rotate all credentials for key organizational systems on affected endpoints, including: Azure service principals, AWS keys, GCP service accounts, Kubernetes secrets, SSH keys, GitHub tokens, database passwords, vaults, and any secrets that may be stored in environment variables.
- Audit cloud resources for unusual behavior, unauthorized access using the exfiltrated credentials, and unusual or unidentified communication(s).
- Verify endpoint behavior by cross-referencing network logs for incoming/outgoing connections to check.git-service.com and t.m-kosche.com.
- Inspect other pods/instances for signs of lateral movement.
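The artifact check and the network-log check above can be scripted. The following is an added example, not tooling from the post or from any vendor: a Go routine that looks for the host-based indicator paths under a given filesystem root (so it can be pointed at a mounted disk image as well as a live host) and per-user home directories, and sweeps exported log lines for the network indicators. The systemd unit path under /etc/systemd/system and the log line format are assumptions; the sample log lines are constructed.

```go
package main

import (
	"os"
	"path/filepath"
	"strings"
)

// Host-based indicators listed in the post, relative to the filesystem root.
var hostIndicators = []string{
	"tmp/managed.pyz",
	"tmp/updater.py",
	"usr/bin/pgmonitor.py",
	"etc/systemd/system/pgsql-monitor.service", // ASSUMPTION: post names the unit, not its path
}

// Per-user indicators from the post, relative to each home directory.
var homeIndicators = []string{
	".local/bin/pgmonitor.py",
	".cache/.sys-update-check",
	".cache/.sys-update-check-k8s",
}

// Network indicators from the post, undefanged so they match real log lines.
var networkIndicators = []string{"check.git-service.com", "t.m-kosche.com", "160.119.64.3"}

// CheckHostIndicators returns every indicator path that exists under root or
// under one of the given home directories (for example entries of /home plus /root).
func CheckHostIndicators(root string, homes []string) []string {
	var found []string
	for _, rel := range hostIndicators {
		p := filepath.Join(root, rel)
		if _, err := os.Stat(p); err == nil {
			found = append(found, p)
		}
	}
	for _, h := range homes {
		for _, rel := range homeIndicators {
			p := filepath.Join(h, rel)
			if _, err := os.Stat(p); err == nil {
				found = append(found, p)
			}
		}
	}
	return found
}

// ScanLogLines returns the lines that mention any network indicator, so proxy,
// DNS or firewall exports can be swept for both incoming and outgoing contact.
func ScanLogLines(lines []string) []string {
	var hits []string
	for _, l := range lines {
		for _, ioc := range networkIndicators {
			if strings.Contains(l, ioc) {
				hits = append(hits, l)
				break // one hit per line is enough
			}
		}
	}
	return hits
}

// SampleLog is constructed data in a generic "time client -> destination" form.
var SampleLog = []string{
	"2026-06-05T16:01:12Z build-agent-01 -> api.github.com:443",
	"2026-06-05T16:01:15Z build-agent-01 -> check.git-service.com:443 GET /rope.pyz",
	"2026-06-05T16:02:40Z build-agent-01 -> 160.119.64.3:443",
	"2026-06-05T16:03:01Z build-agent-01 -> pypi.org:443",
}
```

On the sample log the sweep returns the two lines that reach the C2 host, by name and by IP. A presence check alone does not prove execution, so any path found should be followed by the remaining steps above, in particular credential rotation, rather than treated as the end of the investigation.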
IOCs
GitHub Repository Markers
- IfYouYankThisTokenItWillNukeTheComputerOfTheOwnerFully
- "Hades * The End for the Damned"
SHA256
- durabletask-1.4.1 (wheel): 7d80b3ef74ad7992b93c31966962612e4e2ceb93e7727cdbd1d2a9af47d44ba8
- durabletask-1.4.1 (sdist): 3de04fe2a76262743ed089efa7115f4508619838e77d60b9a1aab8b20d2cc8bf
- durabletask-1.4.2 (wheel): aeaf583e20347bf850e2fabdcd6f4982996ba023f8c2cd56bbd299cfd56516f5
- durabletask-1.4.2 (sdist): 85f54c089d78ebfb101454ec934c767065a342a43c9ee1beac8430cdd3b2086f
- durabletask-1.4.3 (wheel): 877ff2531a63393c4cb9c3c86908b62d9c4fc3db971bc231c48537faae6cb3ec
- durabletask-1.4.3 (sdist): c0b094e46842260936d4b97ce63e4539b99a3eae48b736798c700217c52569dc
- rope.pyz (payload): 069ac1dc7f7649b76bc72a11ac700f373804bfd81dab7e561157b703999f44ce
Network Indicators
- check.git-service[.]com - Primary C2 / payload host
- t.m-kosche[.]com - Secondary C2 (TeamPCP infra)
- IP: 160.119.64.3 - C2 server
- check.git-service[.]com/rope.pyz - Payload download
- check.git-service[.]com/api/public/version - Exfiltration endpoint
- check.git-service[.]com/v1/models - Quarantine / persistence trigger
Host-Based Indicators
- /tmp/managed.pyz
- /usr/bin/pgmonitor.py or ~/.local/bin/pgmonitor.py
- ~/.cache/.sys-update-check
- ~/.cache/.sys-update-check-k8s
- pgsql-monitor.service
- python3 /tmp/managed.pyz
- /tmp/updater.py