Ethical Hacking News
A supply chain attack campaign has compromised several SAP-related npm packages, injecting malicious code that can steal credentials from unsuspecting developers. In this article, we'll delve into the details of the Mini Shai-Hulud campaign, exploring the tactics used by the threat actor and the implications for organizations relying on these affected packages.
The compromised SAP-related npm packages are mbt@1.2.48, @cap-js/db-service@2.10.1, @cap-js/postgres@2.2.2, and @cap-js/sqlite@2.2.2. The threat actor behind the attack is identified as "Mini Shai-Hulud" with a connection to Arabian Nights mythology. The compromised packages introduced new installation-time behavior that downloads a platform-specific Bun ZIP from GitHub Releases, extracting it and executing the extracted Bun binary. The malware harvests local developer credentials, GitHub and npm tokens, GitHub Actions secrets, and cloud secrets from AWS, Azure, GCP, and Kubernetes. The stolen data is encrypted with AES-256-GCM and the key is encapsulated using RSA-4096, making it decipherable only to the attacker. The payload commits itself into every accessible GitHub repository by injecting malicious files. The attack highlights the growing threat landscape related to artificial intelligence and machine learning.
The world of cybersecurity is constantly evolving, with new threats and exploits emerging on a daily basis. Recently, a particularly cunning threat actor has managed to compromise several SAP-related npm packages, injecting malicious code that can steal credentials from unsuspecting developers. In this article, we will delve into the details of this supply chain attack, exploring the tactics used by the threat actor and the implications for organizations relying on these affected packages.
The compromised packages in question are mbt@1.2.48, @cap-js/db-service@2.10.1, @cap-js/postgres@2.2.2, and @cap-js/sqlite@2.2.2. These packages are associated with SAP's JavaScript and cloud application development ecosystem, making them a critical component of many organizations' technology infrastructure.
The threat actor behind this attack has been identified as "Mini Shai-Hulud," a name that suggests a connection to the Arabian Nights mythology. According to reports from Aikido Security, SafeDep, Socket, StepSecurity, and Google-owned Wiz, the Mini Shai-Hulud campaign began on April 29, 2026, with the publication of several suspicious package versions.
These compromised packages introduced new installation-time behavior that was not previously part of these packages' expected functionality. The affected releases added a preinstall script that acts as a runtime bootstrapper, downloading a platform-specific Bun ZIP from GitHub Releases, extracting it, and immediately executing the extracted Bun binary.
"The implementation also follows HTTP redirects without validating the destination and uses PowerShell with -ExecutionPolicy Bypass on Windows, increasing the risk for affected developer and CI/CD environments," Wiz noted. In other words, the loader was built to run quietly inside the development workflow itself, where an install-time script executes with the developer's or pipeline's privileges and script execution policy can be bypassed, rather than relying on any exploit against the packages' own code.
The malicious packages also introduce a new package.json preinstall hook that runs a file named "setup.mjs," which acts as a loader for the Bun JavaScript runtime to execute the credential stealer and propagation framework ("execution.js").
According to Aikido, the malware is designed to harvest local developer credentials, GitHub and npm tokens, GitHub Actions secrets, and cloud secrets from AWS, Azure, GCP, and Kubernetes. The stolen data is encrypted and exfiltrated to public GitHub repositories created on the victim's own account with the description "A Mini Shai-Hulud has Appeared."
As of writing, there are more than 1,100 public repositories carrying that description, suggesting a large-scale operation by the threat actor. However, it's worth noting that this attack differs significantly from prior Shai-Hulud waves.
One key difference is that all exfiltrated data is encrypted with AES-256-GCM, and the AES key is itself encapsulated with RSA-4096 using a public key embedded in the payload, so only the holder of the matching private key, the attacker, can decrypt it. Even though the repositories are public, the stolen secrets are not readable by anyone else. This suggests a level of sophistication and planning on the part of the threat actor.
Furthermore, the payload commits itself into every accessible GitHub repository by injecting a ".claude/settings.json" file that abuses Claude Code's SessionStart hook and a ".vscode/tasks.json" file whose task is configured with "runOn": "folderOpen", so that simply opening the infected repository in Microsoft Visual Studio Code (VS Code) or Claude Code causes the malware to be executed.
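The indicators described above (the four compromised versions, a preinstall hook that bootstraps Bun via setup.mjs, a Claude Code SessionStart hook, and a VS Code task with "runOn": "folderOpen") can be checked for mechanically. The following defender-side scanner is an added example, not code from the article or from any of the vendors it cites; it takes a map of repo-relative paths to parsed JSON, so the constructed sample checkout at the bottom stands in for reading files from disk, and the config field names are assumed to follow the documented Claude Code hooks and VS Code tasks.json layouts.

```javascript
// Added defender-side scanner (not code from the article or the vendors it cites).
// Input: a map of repo-relative paths to parsed JSON. Config field names follow the
// documented Claude Code hooks and VS Code tasks.json layouts (assumed, not from the article).
const COMPROMISED = new Set(["mbt@1.2.48", "@cap-js/db-service@2.10.1",
  "@cap-js/postgres@2.2.2", "@cap-js/sqlite@2.2.2"]);
// package-lock.json v2/v3: "packages" keys look like "node_modules/@scope/name".
function findCompromisedInLock(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path) continue;                              // "" is the root project entry
    const id = `${path.slice(path.lastIndexOf("node_modules/") + 13)}@${meta.version}`;
    if (COMPROMISED.has(id)) hits.push(id);
  }
  return hits;
}
// Installed package.json: compromised version, or an install-time hook that
// invokes setup.mjs / Bun (the bootstrapper pattern the article describes).
function checkPackageJson(pkg) {
  const out = [];
  if (COMPROMISED.has(`${pkg.name}@${pkg.version}`)) out.push(`compromised version ${pkg.version}`);
  for (const [k, v] of Object.entries(pkg.scripts || {})) {
    if (/^(pre|post)?install$/.test(k) && /setup\.mjs|\bbun\b/i.test(v)) out.push(`${k} hook: ${v}`);
  }
  return out;
}
// Auto-run persistence committed into the repository itself.
function checkAutoRunConfigs(files) {
  const out = [];
  if (files[".claude/settings.json"]?.hooks?.SessionStart) out.push(".claude/settings.json: SessionStart hook");
  for (const t of files[".vscode/tasks.json"]?.tasks || []) {
    if (t.runOptions?.runOn === "folderOpen") out.push(`.vscode/tasks.json: task "${t.label}" runs on folderOpen`);
  }
  return out;
}
// Run all three checks over a checkout and return human-readable findings.
function scan(files) {
  const lock = findCompromisedInLock(files["package-lock.json"] || {}).map((id) => `lockfile pins ${id}`);
  const pkgs = Object.entries(files).filter(([p]) => p.endsWith("package.json"))
    .flatMap(([p, j]) => checkPackageJson(j).map((f) => `${p}: ${f}`));
  return [...lock, ...pkgs, ...checkAutoRunConfigs(files)];
}
// Constructed sample checkout for demonstration; commands are placeholders, not real artifacts.
const SAMPLE = {
  "package-lock.json": { packages: { "": {}, "node_modules/@cap-js/sqlite": { version: "2.2.2" }, "node_modules/express": { version: "4.19.2" } } },
  "node_modules/mbt/package.json": { name: "mbt", version: "1.2.48", scripts: { preinstall: "node setup.mjs" } },
  ".claude/settings.json": { hooks: { SessionStart: [{ hooks: [{ type: "command", command: "node placeholder.js" }] }] } },
  ".vscode/tasks.json": { version: "2.0.0", tasks: [{ label: "build", type: "shell", command: "node placeholder.js", runOptions: { runOn: "folderOpen" } }] },
};
console.log(scan(SAMPLE).join("\n"));
```

Any non-empty result from scan() warrants treating the checkout as compromised and the credentials reachable from that machine or pipeline as exposed.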
"This is one of the first supply chain attacks to target AI coding agent configurations as a persistence and propagation vector," StepSecurity said. This highlights the growing threat landscape related to artificial intelligence and machine learning, as these systems become increasingly prevalent in organizations.
The implications for organizations relying on the affected packages are significant. Developers who use these packages without taking proper precautions risk having their credentials stolen, potentially allowing the threat actor to access sensitive information or even gain control of their systems.
In light of this attack, it's essential for developers and IT professionals to take immediate action. This includes moving to unaffected package versions, reviewing code dependencies and lockfiles for the affected releases, and implementing robust security measures to prevent similar attacks in the future.
New threats of this kind emerge on a daily basis. As we move forward, it's crucial that organizations prioritize security and remain vigilant against even the most sophisticated attacks.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Great-SAP-Supply-Chain-Heist-A-Threat-Actors-Cunning-Plan-to-Steal-Credentials-ehn.shtml
https://thehackernews.com/2026/04/sap-npm-packages-compromised-by-mini.html
https://www.socinvestigation.com/comprehensive-list-of-apt-threat-groups-motives-and-attack-methods/
https://attack.mitre.org/groups/
Published: Wed Apr 29 11:50:58 2026 by llama3.2 3B Q4_K_M