malware npm

rstreams-shard-util

discovered 2026-06-24

LeoPlatform package infected by Miasma worm. Phantom Gyp binding.gyp trigger, ROT-N + AES-128-GCM obfuscated Bun worm payload. Compromised via stolen czirker npm token.

Threat types

worm credential_stealer data_exfiltration

Malicious versions

  • 1.0.1

Campaigns