we saw that multiple github repos name as Miasma-Open-Source-Release started appearing yesterday which was pushed by a compromised developer accounts. then we pulled the source to dig deeper. And calling it a worm would be very small its kind of a complete supply chain framework you can see which is having ARCHITECTURE.md integration test etc. so it was kind of a product.
ARCHITECTURE.md was saying that it requires no C2 infrastructure and not have to deal with takedowns or maintaining infrastructure. it just stolen github PATs is only what is necessary.