Red Hat removes tainted packages after software pipeline compromise
2026-6-2 13:50:40 Author: therecord.media

Red Hat pulled dozens of packages from its software distribution pipeline on Monday after attackers used a compromised GitHub account to distribute credential-stealing malware to developers.

According to the company’s own preliminary analysis, a compromised GitHub account was used to push the malicious code out to customers, hitting 32 packages downloaded roughly 117,000 times a week.

Red Hat said it had since removed the affected packages and that “based on current findings, no actions from customers are required.”

The attack used a variant of the Mini Shai-Hulud self-propagating worm whose complete source code was published online May 12 by a cybercriminal group tracked as TeamPCP. As cybersecurity company Tenable noted, the criminals “simultaneously announced a $1,000 contest on BreachForums for the largest supply chain attack using the code.”

Whether Monday's attack was carried out by TeamPCP itself or a separate actor using its published code could not be immediately determined, researchers said. Palo Alto Networks' Unit 42 warned that the open-sourcing of the worm's code had already spawned copycat activity, making definitive attribution harder, and that Mini Shai-Hulud “is no longer scoped to TeamPCP.”

The attack's malware, which its authors named Miasma, differed from the TeamPCP original only cosmetically, with references to the science-fiction series Dune replaced by Greek mythology while the underlying credential-stealing functionality remained intact.

Monday's attack is the latest in a cascading series of supply chain intrusions stretching back to September 2025 — when the original Shai-Hulud worm prompted a CISA advisory — that have struck some of the world's most widely used developer tools.

Recent incidents have included an attack in March on LiteLLM, which allowed the cybercriminals to breach several organizations including AI recruiting company Mercor. The attack on LiteLLM was followed by a separate wave of compromises attributed to North Korean hackers targeting the axios JavaScript library.

That campaign prompted Mandiant chief technology officer Charles Carmakal to warn “the secrets stolen over the past two weeks will enable more software supply chain attacks, software-as-a-service environment compromises, ransomware and extortion events, and crypto heists over the next several days, weeks, and months.”

In May, GitHub confirmed it had been breached by TeamPCP after an employee's device was compromised via a malicious Visual Studio Code extension, with the group demanding $50,000 for stolen source code and threatening to leak it for free if no buyer came forward.

OpenAI had also warned that two of its employee devices had been compromised in the same wave, following a supply chain attack on the open-source library TanStack.

Speaking at the time of the LiteLLM compromise, Adam Reynolds, senior security researcher at Sonatype, warned that because “the malware targets such a broad range of credentials … this creates the potential for second- and third-order effects that may ripple outward over time, leading to further breaches, service disruptions, or misuse of sensitive data well beyond the initial point of compromise.”


Alexander Martin is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and a fellow at the European Cyber Conflict Research Initiative, now Virtual Routes. He can be reached securely using Signal on: AlexanderMartin.79


Source: https://therecord.media/red-hat-removes-tainted-packages-after-software-pipeline-compromise