Over 50,000 downloads
The open-source CI/CD utility CodeStream has been compromised in a significant software supply chain attack. On June 29, 2026, an unauthorized actor published a malicious version, 3.4.1, to the official package registry. This version contained code designed to steal sensitive environment variables, API keys, and other credentials from the systems it was running on. The malicious package was available for 36 hours and was downloaded an estimated 50,000 times before being removed. The developers have released a patched version, 3.4.2, and are advising all users to upgrade immediately and begin rotating all potentially exposed secrets.
This incident is a classic software supply chain attack, where attackers compromise the build or distribution process of a trusted piece of software to push malicious code to downstream users. The attack on CodeStream is particularly dangerous because CI/CD systems are central to modern software development and are often configured with highly privileged access to other systems.
3.4.1 was specifically designed to be an info-stealer. It scans the environment variables of the machine it runs on, searching for patterns that match common credential formats for services like AWS, GitHub, and Artifactory.The attack's sophistication lies in its targeting of the CI/CD pipeline. By compromising CodeStream, the attackers could potentially gain access to the 'crown jewels' of any organization using it: source code, private keys, and cloud infrastructure credentials. The choice to use DoH for exfiltration shows a level of technical competence aimed at evading network-based security controls.
Analysis by GitHub Security Lab confirmed the malicious behavior. The injected code would activate upon the execution of the CI/CD utility, perform its scan, and then send the collected data to an attacker-controlled server before continuing with its normal operations, making the malicious activity less obvious.
T1199 - Trusted Relationship - Attackers compromised the CodeStream project to attack its users.T1195.001 - Compromise Software Supply Chain - The core of the attack, compromising a software package to gain access to downstream systems.T1552.004 - Private Keys - The malware likely searched for SSH keys and other private keys.T1552.005 - Cloud Instance Metadata API - If running in a cloud environment, the malware could query the metadata service for credentials.T1048.003 - Exfiltration Over C2 Channel - Using DoH as a C2 channel to exfiltrate data.The potential impact for the 50,000+ downloads is severe. Any organization that downloaded and ran version 3.4.1 must assume that all secrets present in their CI/CD environment have been compromised. This includes:
With these secrets, attackers could steal source code, deploy malicious code into production, run up huge cloud bills (e.g., for crypto mining), or pivot deeper into the victim's network.
No specific Indicators of Compromise (e.g., file hashes, C2 domains) were mentioned in the source articles.
3.4.1 installed. This can be done via software inventory tools or by checking package manager logs.Network Traffic Analysis can help here.3.4.2 or later.Immediately updating to the clean version (3.4.2) removes the malicious code from the environment.
Rotating all compromised credentials is a critical remediation step to revoke the attacker's access.
Implementing strict egress filtering on build servers to block unexpected outbound connections like DoH can prevent data exfiltration.
While not a direct mitigation for this attack, using dependency scanning tools to verify the integrity (via checksums) of software packages can prevent the use of tampered components.
The most urgent action is to identify all instances of CodeStream v3.4.1 and immediately upgrade to the patched version, 3.4.2. Following the upgrade, a comprehensive credential rotation process must be initiated. Assume every secret, token, and key accessible by the CI/CD environment is compromised. This includes cloud provider keys, database passwords, and source control tokens. This is a painstaking but non-negotiable step to evict the attacker and remediate the breach. Use infrastructure-as-code to automate the rotation where possible.
Implement strict egress filtering rules for all build agents and CI/CD infrastructure. By default, all outbound traffic should be denied. Create explicit allow-lists for only the necessary destinations, such as your package registry, source control provider, and cloud provider APIs. The CodeStream attack used DNS-over-HTTPS for exfiltration, which could be blocked by disallowing outbound connections on port 443 to any destination not on the allow-list. This turns the network into a 'walled garden', preventing data exfiltration even if a component is compromised.
To prevent future supply chain attacks of this nature, implement a system of dependency verification. Pin dependencies to specific versions and verify their cryptographic hashes (e.g., SHA-256 checksums) against a known-good source during the build process. If a downloaded package's hash does not match the expected hash, the build should fail. This practice, often managed through lock files (e.g., package-lock.json, poetry.lock), would have prevented the malicious CodeStream v3.4.1 from being used, as its hash would not have matched the legitimate v3.4.0.
Malicious version 3.4.1 of CodeStream is published to the official package registry.

Cybersecurity professional with over 10 years of specialized experience in security operations, threat intelligence, incident response, and security automation. Expertise spans SOAR/XSOAR orchestration, threat intelligence platforms, SIEM/UEBA analytics, and building cyber fusion centers. Background includes technical enablement, solution architecture for enterprise and government clients, and implementing security automation workflows across IR, TIP, and SOC use cases.
Help others stay informed about cybersecurity threats
Every tactic, technique, and sub-technique used in this threat has been identified and mapped to the MITRE ATT&CK framework for consistent, actionable threat language.
Observables and indicators of compromise (IOCs) have been extracted and cataloged. Risk has been assessed and correlated with known threat actors and historical campaigns.
Detection rules, incident response steps, and D3FEND-aligned mitigation strategies are included so your team can act on this intelligence immediately.
Structured threat data is packaged as a STIX 2.1 bundle and can be visualized as an interactive graph — relationships between actors, malware, techniques, and indicators.
Sigma detection rules are derived from the threat techniques in this article and can be converted for deployment across any major SIEM or EDR platform.