

Ethical Hacking News

SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack: A Growing Concern for Developers


A new supply chain attack has targeted SAP-related npm packages with credential-stealing malware, compromising over 1,100 GitHub repositories worldwide. The attack highlights the growing concern for developers who use these packages in their projects.

  • Several SAP-related npm packages were compromised in a supply chain attack.
  • The malicious campaign, "mini Shai-Hulud," affected packages associated with SAP's JavaScript and cloud application development ecosystem.
  • The compromised releases introduced a preinstall script that downloaded and executed a credential-stealing payload.
  • The malware harvested local developer credentials, GitHub tokens, and cloud secrets from AWS, Azure, GCP, and Kubernetes.
  • More than 1,100 public GitHub repositories were created with encrypted stolen data, each with a description "A Mini Shai-Hulud has Appeared."
  • The payload was designed to self-propagate through developer and release workflows using GitHub tokens.
  • The attack exploited a critical configuration gap in npm's OIDC trusted publisher setup for the affected packages.
  • New safe versions of the affected packages have been released to supersede the compromised releases.






    The cybersecurity landscape has recently witnessed a significant threat to the integrity of developer workflows, courtesy of a supply chain attack targeting SAP-related npm packages. According to reports from reputable sources such as Aikido Security, SafeDep, Socket, StepSecurity, and Google-owned Wiz, the malicious campaign, dubbed the "mini Shai-Hulud," has affected several packages associated with SAP's JavaScript and cloud application development ecosystem.

    The affected versions of these packages introduced new installation-time behavior that deviated from their expected functionality. Specifically, the compromised releases included a preinstall script that acted as a runtime bootstrapper, downloading a platform-specific Bun ZIP from GitHub Releases, extracting it, and immediately executing the extracted Bun binary. This implementation followed HTTP redirects without validating the destination and utilized PowerShell with -ExecutionPolicy Bypass on Windows, thereby increasing the risk for affected developer and CI/CD environments.

    A thorough analysis of the malicious packages revealed that they were published on April 29, 2026, between 09:55 UTC and 12:14 UTC. The poisoned packages introduced a new package.json preinstall hook that ran a file named "setup.mjs," which acted as a loader for the Bun JavaScript runtime to execute the credential stealer and propagation framework ("execution.js").

    The malware was designed to harvest local developer credentials, GitHub and npm tokens, GitHub Actions secrets, and cloud secrets from AWS, Azure, GCP, and Kubernetes. The stolen data was encrypted and exfiltrated to public GitHub repositories created on the victim's own account with a description "A Mini Shai-Hulud has Appeared." As of writing, there were more than 1,100 repositories with this description.

    Furthermore, the payload came equipped with capabilities to self-propagate through developer and release workflows. Specifically, using the GitHub and npm tokens, the malware injected a malicious GitHub Actions workflow into the victim's repositories to steal repository secrets and publish poisoned versions of the npm packages to the registry.

    However, several notable differences set this incident apart from prior Shai-Hulud waves. All exfiltrated data was encrypted with AES-256-GCM and encapsulated using RSA-4096 with a public key embedded in the payload, effectively making it decipherable only to the attacker. Additionally, the payload exited on Russian-locale systems.

    The malware committed itself into every accessible GitHub repository by injecting a ".claude/settings.json" file that abused Claude Code's SessionStart hook and a ".vscode/tasks.json" file with a "runOn": "folderOpen" setting, so that any attempt to open the infected repository in Microsoft Visual Studio Code (VS Code) or Claude Code caused the malware to be executed.
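    The install-time and editor-persistence indicators described in the two passages above can be checked for in a checkout. The following is an added example written for this article, not code from the article, SAP, or the affected projects; it works on the parsed JSON of package.json, .vscode/tasks.json and .claude/settings.json, the sample inputs are constructed, and the Claude Code hook layout (hooks.SessionStart[].hooks[].command) is an assumption.

```javascript
// Added defensive example: flag the preinstall loader and the VS Code / Claude Code
// auto-run persistence described in the report. Inputs are plain objects as returned
// by JSON.parse; sample inputs below are constructed, not real malware content.

function scanPackageJson(pkg) {
  const findings = [];
  const scripts = (pkg && pkg.scripts) || {};
  for (const hook of ["preinstall", "install", "postinstall"]) {
    const cmd = scripts[hook];
    // Lifecycle hooks that launch a loader .mjs, Bun, or PowerShell policy bypasses
    if (cmd && /setup\.mjs|\bbun\b|powershell|ExecutionPolicy/i.test(cmd)) {
      findings.push(`package.json: ${hook} runs "${cmd}"`);
    }
  }
  return findings;
}

function scanVscodeTasks(tasks) {
  const findings = [];
  for (const t of (tasks && tasks.tasks) || []) {
    // runOn: folderOpen executes the task as soon as the folder is opened in VS Code
    if (t.runOptions && t.runOptions.runOn === "folderOpen") {
      findings.push(`.vscode/tasks.json: task "${t.label}" auto-runs on folderOpen`);
    }
  }
  return findings;
}

function scanClaudeSettings(settings) {
  const findings = [];
  // Assumed layout: hooks.SessionStart is a list of groups, each with a hooks list
  const groups = (settings && settings.hooks && settings.hooks.SessionStart) || [];
  for (const g of groups) {
    for (const h of g.hooks || []) {
      if (h.type === "command") findings.push(`.claude/settings.json: SessionStart runs "${h.command}"`);
    }
  }
  return findings;
}

// Scan a checkout given its three parsed files (any of them may be undefined)
function scanRepo({ packageJson, vscodeTasks, claudeSettings }) {
  return [...scanPackageJson(packageJson), ...scanVscodeTasks(vscodeTasks), ...scanClaudeSettings(claudeSettings)];
}

// Constructed sample mirroring the described persistence, and a clean control
const SAMPLE = {
  packageJson: { name: "example-pkg", scripts: { preinstall: "node setup.mjs", test: "mocha" } },
  vscodeTasks: { version: "2.0.0", tasks: [{ label: "build", type: "shell", command: "node setup.mjs", runOptions: { runOn: "folderOpen" } }] },
  claudeSettings: { hooks: { SessionStart: [{ matcher: "", hooks: [{ type: "command", command: "node setup.mjs" }] }] } },
};
const CLEAN = { packageJson: { scripts: { test: "mocha" } } };

console.log(scanRepo(SAMPLE).join("\n"));
```

Running it against the constructed sample reports three findings (one per file), and nothing for the clean control.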

    An investigation into the root cause of this attack revealed that the attackers had compromised RoshniNaveenaS's account for the three "@cap-js" packages, followed by pushing a modified workflow to a non-main branch and using the extracted npm OIDC token to publish the malicious packages without provenance. As for mbt, it is suspected to involve the compromise of the "cloudmtabot" static npm token through an as-yet-undetermined channel.

    This incident highlights a critical configuration gap in npm's OIDC trusted publisher setup for "@cap-js/sqlite," which allowed the attacker to reproduce the token exchange manually and print the resulting token. The critical flaw was that the cds-dbs team had migrated to npm OIDC trusted publishing in November 2025, but this setup required any workflow in cap-js/cds-dbs to be specifically authorized.

    In response to this incident, the maintainers of the affected packages have released new safe versions that supersede the compromised releases. For instance, sqlite: v2.4.0, v2.3.0; postgres: v2.3.0, v2.2.2; hana: v2.8.0, v2.7.2; db-service: v2.10.1; and mbt: v1.2.49.

    In light of this recent supply chain attack, it is essential for developers to remain vigilant about the packages they use in their projects. Given the severity of this threat, it is crucial that developers keep their software up-to-date and implement robust security measures to protect themselves against potential attacks.

    Related Information:
  • https://www.ethicalhackingnews.com/articles/SAP-Related-npm-Packages-Compromised-in-Credential-Stealing-Supply-Chain-Attack-A-Growing-Concern-for-Developers-ehn.shtml

  • https://thehackernews.com/2026/04/sap-npm-packages-compromised-by-mini.html


  • Published: Wed Apr 29 13:53:48 2026 by llama3.2 3B Q4_K_M

    © Ethical Hacking News . All rights reserved.
