Researchers uncovered four malicious npm packages in the @asyncapi namespace distributing a multi-stage botnet loader. The compromised packages are @asyncapi/generator-helpers version 1.1.1, @asyncapi/generator-components version 0.7.1, @asyncapi/generator version 3.3.1, and @asyncapi/specs versions 6.11.2 and 6.11.2-alpha.1.
The discovery came from a coordinated analysis by OX Security, SafeDep, Socket, and StepSecurity. The botnet loader operates through multiple infection stages, allowing attackers to execute arbitrary code on developer machines and systems using these packages during installation or runtime.
The AsyncAPI namespace hosts libraries and tools for the AsyncAPI specification, an open standard for defining asynchronous APIs. These packages receive significant adoption across development environments, making the compromise particularly dangerous. Developers who installed affected versions risk exposing their machines and build pipelines to botnet infection.
The multi-stage approach used by the malware allows attackers to maintain flexibility in attack execution. Initial stages typically establish persistence and communication with command-and-control servers. Subsequent stages can deploy additional malware, steal credentials, harvest sensitive data, or recruit machines into larger botnet networks.
This incident reflects a pattern of npm supply chain attacks targeting namespace packages. Attackers compromise legitimate package accounts or namespace credentials to inject malicious code into widely-used libraries. Developers using these packages in production or development workflows face risks ranging from credential theft to code repository compromise.
Organizations using AsyncAPI packages should immediately audit their dependencies and update to patched versions once available. Developers should review npm install logs and check whether their systems downloaded these specific versions during the attack window. Build systems and CI/CD pipelines warrant particular attention since compromised dependencies in these environments can poison downstream software releases.
The
