Endor Labs reports that trojanized ai-sdk-ollama releases were part of the Miasma npm worm campaign, using binding.gyp install hooks to execute malware, steal cloud credentials, and spread through maintainer accounts across developer machines, CI systems, and AI coding agent environments.
Trojanized ai-sdk-ollama Delivers Miasma, a Self-Replicating npm Worm via binding.gyp
Source: Endor Labs
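A defender-side check for the install path described above, as an added example that is not from Endor Labs' report or the ai-sdk-ollama project: npm runs `node-gyp rebuild` on its own when a package ships a `binding.gyp` and declares no install or preinstall script, so code can run at install time with no lifecycle script in `package.json`. The function names and the sample package are constructed for illustration, and the checks are generic, not indicators from the Miasma campaign.

```javascript
// Added example; the sample package below is constructed, not real package content.
// gyp runs <!(cmd) and <!@(cmd) as shell commands while configuring the build.
const GYP_COMMAND_EXPANSION = /<!@?\(/;
const GYP_ACTIONS = /['"]actions['"]\s*:/;

// Classify one package from its parsed package.json and its binding.gyp text (or null).
function auditPackage(pkg, gypText) {
  const scripts = pkg.scripts || {};
  const findings = ['preinstall', 'install', 'postinstall']
    .filter((hook) => scripts[hook])
    .map((hook) => `explicit ${hook} script: ${scripts[hook]}`);
  if (gypText === null) return findings;
  // With binding.gyp present and no install/preinstall script, npm builds implicitly.
  if (!scripts.install && !scripts.preinstall) {
    findings.push('implicit install hook: binding.gyp with no install script');
  }
  if (GYP_COMMAND_EXPANSION.test(gypText)) findings.push('binding.gyp uses command expansion');
  if (GYP_ACTIONS.test(gypText)) findings.push('binding.gyp defines build actions');
  return findings;
}

// Walk a node_modules tree (scoped and nested packages included) and report findings.
function scanNodeModules(root) {
  const fs = require('node:fs');
  const path = require('node:path');
  const report = [];
  const visit = (dir) => {
    for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
      if (!entry.isDirectory()) continue;
      const full = path.join(dir, entry.name);
      if (entry.name.startsWith('@')) { visit(full); continue; }
      const manifest = path.join(full, 'package.json');
      if (!fs.existsSync(manifest)) continue;
      const gyp = path.join(full, 'binding.gyp');
      const findings = auditPackage(
        JSON.parse(fs.readFileSync(manifest, 'utf8')),
        fs.existsSync(gyp) ? fs.readFileSync(gyp, 'utf8') : null);
      if (findings.length) report.push({ package: full, findings });
      const nested = path.join(full, 'node_modules');
      if (fs.existsSync(nested)) visit(nested);
    }
  };
  visit(root);
  return report;
}

// Constructed sample: no lifecycle scripts, yet the gyp file runs a command at install.
const SAMPLE_PKG = { name: 'example-native-addon', scripts: { test: 'node test.js' } };
const SAMPLE_GYP = '{ "targets": [ { "target_name": "addon", "sources": [ "<!(node list-sources.js)" ] } ] }';
console.log(auditPackage(SAMPLE_PKG, SAMPLE_GYP));
```

Legitimate native addons also use command expansion, typically to resolve include paths, so each hit is a prompt to read the command rather than a verdict. Run `scanNodeModules('node_modules')` from a project root to apply the same checks to an installed tree.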