SAP-Related npm Packages Compromised in Major Credential-Stealing Supply Chain Attack


Cybersecurity experts have raised significant concerns regarding a recent supply chain attack targeting SAP-related npm packages. This campaign, identified as “mini Shai-Hulud,” has been linked to credential-stealing malware that poses serious risks to developers and organizations utilizing these packages.

Overview of the Attack

Reports from various cybersecurity firms, including Aikido Security, SafeDep, Socket, StepSecurity, and Wiz, indicate that the attack has compromised several npm packages integral to SAP’s JavaScript and cloud application development ecosystem. The affected packages include:

  • mbt@1.2.48
  • @cap-js/db-service@2.10.1
  • @cap-js/postgres@2.2.2
  • @cap-js/sqlite@2.2.2

The compromised versions introduced unexpected installation-time behaviors. Specifically, they added a preinstall script that functions as a runtime bootstrapper. This script downloads a platform-specific Bun ZIP from GitHub Releases, extracts it, and executes the extracted Bun binary.
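A lockfile check for the versions listed above, given as an added example that is not code from the article or from any of the cited vendors. It assumes an npm `package-lock.json` with lockfileVersion 2 or 3, and the sample lockfile is constructed.

```javascript
// Versions named in this article as compromised.
const COMPROMISED = new Map([
  ["mbt", ["1.2.48"]],
  ["@cap-js/db-service", ["2.10.1"]],
  ["@cap-js/postgres", ["2.2.2"]],
  ["@cap-js/sqlite", ["2.2.2"]],
]);

// lockfileVersion 2/3 lists every installed copy under "packages", keyed by
// its path; nested copies look like "node_modules/a/node_modules/b".
function auditLockfile(lockText) {
  const lock = JSON.parse(lockText);
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // the root project itself
    const i = path.lastIndexOf("node_modules/");
    const name = entry.name || (i < 0 ? path : path.slice(i + "node_modules/".length));
    if ((COMPROMISED.get(name) || []).includes(entry.version)) {
      findings.push({ name, version: entry.version, path, reason: "compromised-version" });
    } else if (entry.hasInstallScript) {
      // npm records this flag for packages with preinstall/install/postinstall.
      findings.push({ name, version: entry.version, path, reason: "install-script" });
    }
  }
  return findings;
}

// Constructed sample lockfile; "foo" and "example-native-addon" are made up.
const SAMPLE_LOCK = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@cap-js/sqlite": { version: "2.2.2", hasInstallScript: true },
    "node_modules/@cap-js/db-service": { version: "2.10.0" },
    "node_modules/foo/node_modules/mbt": { version: "1.2.48" },
    "node_modules/example-native-addon": { version: "3.0.0", hasInstallScript: true },
  },
});

for (const f of auditLockfile(SAMPLE_LOCK)) {
  console.log(`${f.reason}: ${f.name}@${f.version} (${f.path})`);
}
```

Installing with `npm ci --ignore-scripts` keeps lifecycle scripts such as preinstall from running while the lockfile is being reviewed.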

Technical Details of the Malware

The malware is engineered to harvest sensitive information, including local developer credentials, GitHub and npm tokens, GitHub Actions secrets, and cloud secrets from environments such as AWS, Azure, GCP, and Kubernetes. The stolen data is encrypted and exfiltrated to public GitHub repositories created under the victim’s account, often with the description “A Mini Shai-Hulud has Appeared.” As of now, there are over 1,100 repositories with this description.

The payload, which is approximately 11.6 MB, has self-propagation capabilities through developer and release workflows. It utilizes GitHub and npm tokens to inject a malicious GitHub Actions workflow into the victim’s repositories, enabling it to steal repository secrets and publish compromised versions of the npm packages to the registry.

Distinct Features of the Attack

This incident exhibits notable differences from previous waves of the Shai-Hulud campaign. Key distinctions include:

  • All exfiltrated data is encrypted using AES-256-GCM, with the encryption key encapsulated using RSA-4096, making it decipherable only to the attacker.
  • The malware appears to be operational on Russian-locale systems.
  • The payload injects itself into every accessible GitHub repository by adding a “.claude/settings.json” file that exploits Claude Code’s SessionStart hook, along with a “.vscode/tasks.json” file that includes a "runOn": "folderOpen" setting. This configuration ensures that any attempt to open the infected repository in Microsoft Visual Studio Code or Claude Code triggers the malware.
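A repository review check for the two auto-run files described above, given as an added example rather than code from the article. It assumes the VS Code task schema (`runOptions.runOn`) and the Claude Code hook schema (`hooks.SessionStart[].hooks[]`); the sample file contents and commands are constructed placeholders.

```javascript
function parseOrNull(text) {
  try { return JSON.parse(text); } catch { return null; }
}

// .vscode/tasks.json: a task with runOptions.runOn === "folderOpen" starts
// when the folder is opened. The file may carry comments (JSONC); anything
// that fails strict parsing is flagged for manual review, not ignored.
function autoRunTasks(tasksText) {
  const file = ".vscode/tasks.json";
  const doc = parseOrNull(tasksText);
  if (!doc) return [{ file, issue: "unparseable, review by hand" }];
  return (doc.tasks || [])
    .filter((t) => t.runOptions && t.runOptions.runOn === "folderOpen")
    .map((t) => ({ file, issue: "runOn folderOpen", command: t.command }));
}

// .claude/settings.json: hooks.SessionStart is a list of groups, each with a
// "hooks" array of { type: "command", command } entries run at session start.
function sessionStartHooks(settingsText) {
  const file = ".claude/settings.json";
  const doc = parseOrNull(settingsText);
  if (!doc) return [{ file, issue: "unparseable, review by hand" }];
  const groups = (doc.hooks && doc.hooks.SessionStart) || [];
  return groups.flatMap((g) => g.hooks || [])
    .filter((h) => h.type === "command")
    .map((h) => ({ file, issue: "SessionStart hook", command: h.command }));
}

// Constructed samples with placeholder commands.
const SAMPLE_TASKS = JSON.stringify({
  version: "2.0.0",
  tasks: [
    { label: "build", type: "shell", command: "npm run build" },
    { label: "setup", type: "shell", command: "echo placeholder",
      runOptions: { runOn: "folderOpen" } },
  ],
});
const SAMPLE_SETTINGS = JSON.stringify({
  hooks: { SessionStart: [{ hooks: [{ type: "command", command: "echo placeholder" }] }] },
});

console.log(autoRunTasks(SAMPLE_TASKS), sessionStartHooks(SAMPLE_SETTINGS));
```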

This attack is considered one of the first supply chain incidents to target AI coding agent configurations as a means of persistence and propagation.

Root Cause Analysis

Investigations into the attack’s origins reveal that the attackers compromised the account of RoshniNaveenaS, responsible for the three “@cap-js” packages. They subsequently pushed a modified workflow to a non-main branch and exploited an extracted npm OIDC token to publish the malicious packages without proper provenance. The attack on the mbt package is suspected to involve the compromise of the “cloudmtabot” static npm token through an undetermined channel.

The cds-dbs team had transitioned to npm OIDC trusted publishing in November 2025. This setup allows GitHub Actions to request short-lived npm tokens without storing long-lived secrets in the repository. The attacker manually reproduced this exchange in a CI step, capturing the resulting token.

Configuration Vulnerabilities

A critical configuration gap was identified in npm’s OIDC trusted publisher setup for the @cap-js/sqlite package. This configuration allowed any workflow in the cap-js/cds-dbs repository to be trusted, not just the canonical release-please.yml on the main branch. Consequently, a branch push could exchange an OIDC token on behalf of the package if the workflow had id-token: write permission and the environment: npm reference.
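The difference between trusting a whole repository and pinning the release workflow, given as an added example that is not from the article. The policy objects are a hypothetical model of a relying party, not npm's implementation or configuration format. The claim names are those GitHub Actions places in its OIDC tokens; the claim values, including the `feature-x` branch and `ci.yml` file name, are constructed.

```javascript
// A token is accepted only if every claim named in the policy matches exactly.
function allows(policy, claims) {
  return Object.entries(policy).every(([claim, expected]) => claims[claim] === expected);
}

const REPO = "cap-js/cds-dbs";
const RELEASE = `${REPO}/.github/workflows/release-please.yml`;

// Weak: any workflow in the repository that references the npm environment.
const repoWidePolicy = { repository: REPO, environment: "npm" };
// Pinned: additionally requires the canonical workflow file on the main branch.
const pinnedPolicy = { ...repoWidePolicy, workflow_ref: `${RELEASE}@refs/heads/main` };

// Constructed token claims for three runs in the same repository.
const RUNS = {
  "release on main": {
    repository: REPO, environment: "npm",
    ref: "refs/heads/main", workflow_ref: `${RELEASE}@refs/heads/main`,
  },
  "other workflow on a branch": {
    repository: REPO, environment: "npm",
    ref: "refs/heads/feature-x",
    workflow_ref: `${REPO}/.github/workflows/ci.yml@refs/heads/feature-x`,
  },
  "release file edited on a branch": {
    repository: REPO, environment: "npm",
    ref: "refs/heads/feature-x", workflow_ref: `${RELEASE}@refs/heads/feature-x`,
  },
};

// Evaluate every run against both policies.
function compare() {
  const out = {};
  for (const [label, claims] of Object.entries(RUNS)) {
    out[label] = {
      repoWide: allows(repoWidePolicy, claims),
      pinned: allows(pinnedPolicy, claims),
    };
  }
  return out;
}

console.table(compare());
```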

In response to the incident, the maintainers of the affected packages have released new safe versions that supersede the compromised releases.

For further insights into this incident and its implications, refer to the detailed analysis provided by cybersecurity experts.

Source: thehackernews.com
