malware
npm
@immobiliarelabs/backstage-plugin-ldap-auth
discovered 2026-06-26Backstage LDAP authentication frontend plugin infected by Miasma worm Wave 5. Phantom Gyp binding.gyp trigger with ROT13+eval() obfuscated 4.8 MB index.js. Multiple historical versions infected. Frontend auth component for LDAP directory integration in Backstage.
Threat types
worm credential_stealer data_exfiltration
Malicious versions
- 1.1.4
- 2.0.5
- 3.0.2
- 4.3.2