malware
npm
rstreams-shard-util
discovered 2026-06-24LeoPlatform package infected by Miasma worm. Phantom Gyp binding.gyp trigger, ROT-N + AES-128-GCM obfuscated Bun worm payload. Compromised via stolen czirker npm token.
Threat types
worm credential_stealer data_exfiltration
Malicious versions
- 1.0.1