Multiple official SAP npm packages were compromised in a sophisticated supply-chain attack that steals developer credentials and authentication tokens from both local machines and CI/CD environments.
Multiple official SAP npm packages were compromised in what security researchers believe is a TeamPCP supply-chain attack targeting developers' credentials and authentication tokens. The compromised packages, which support SAP's Cloud Application Programming Model (CAP) and Cloud MTA, have been deprecated by SAP following the discovery of malicious code.
The affected packages include:
- @cap-js/sqlite – v2.2.2
- @cap-js/postgres – v2.2.2
- @cap-js/db-service – v2.10.1
- mbt – v1.2.48
These packages are commonly used in enterprise development environments, making the compromise particularly concerning for organizations building applications on SAP's platform. According to reports from security researchers at Aikido and Socket, the attack involved a sophisticated multi-stage process designed to extract sensitive information from both developer workstations and continuous integration/continuous deployment (CI/CD) pipelines.
Technical Details of the Attack
The compromised packages contained a malicious 'preinstall' script that executes automatically when developers install the npm packages. This script launches a loader named setup.mjs that downloads the Bun JavaScript runtime from GitHub and uses it to execute a heavily obfuscated payload.
The payload functions as an information-stealer designed to harvest a wide variety of credentials:
- npm and GitHub authentication tokens
- SSH keys and developer credentials
- Cloud credentials for AWS, Azure, and Google Cloud
- Kubernetes configuration and secrets
- CI/CD pipeline secrets and environment variables
"On CI runners, the payload executes an embedded Python script that reads /proc//maps and /proc//mem for the Runner.Worker process to extract every secret matching 'key' :{ 'value': "...", 'isSecret':true} directly from runner memory, bypassing all log masking applied by the CI platform," explains Socket in their analysis. "This memory scanner for secrets is structurally identical to the one documented in the Bitwarden and Checkmarx incidents."
Data Exfiltration and Self-Propagation
Once collected, the stolen data is encrypted and uploaded to public GitHub repositories under the victim's account. These repositories include the description "A Mini Shai-Hulud has Appeared" – a reference similar to the "Shai-Hulud: The Third Coming" string seen in the Bitwarden supply chain attack earlier this year.
The malware also employs a dead-drop mechanism using GitHub commit searches. "The malware searches GitHub commits for this string and uses matching commit messages as a token dead-drop," explains Aikido. "Commit messages matching OhNoWhatsGoingOnWithGitHub: are decoded into GitHub tokens and checked for repository access."
Perhaps most concerning is the malware's ability to self-propagate. Using stolen npm or GitHub credentials, it attempts to modify other packages and repositories it gains access to, injecting the same malicious code to spread further through the software supply chain.
Attribution and Root Cause
Researchers have linked this attack with medium confidence to the TeamPCP threat actors, who employed similar code and tactics in previous supply-chain attacks against Trivy, Checkmarx, and Bitwarden. While the exact method of compromise remains unclear, Security Engineer Adnan Khan reports that an NPM token may have been exposed via a misconfigured CircleCI job.
"This attack represents a sophisticated evolution in supply-chain threats, targeting not just end-user systems but the entire development pipeline," said Maria Gonzalez, security researcher at Aikido. "The ability to extract secrets directly from CI runner memory demonstrates a deep understanding of how modern development environments operate."
Immediate Actions for Developers
For organizations and developers who may have installed these compromised packages, immediate action is required:
- Audit npm installations: Check if any of the affected packages (@cap-js/sqlite, @cap-js/postgres, @cap-js/db-service, mbt) are in your dependencies
- Rotate credentials: Immediately rotate all potentially exposed credentials, including npm tokens, GitHub tokens, SSH keys, and cloud service credentials
- Scan CI/CD pipelines: Review CI/CD pipeline logs for suspicious activity and check for unauthorized commits to repositories
- Review GitHub repositories: Check for any new repositories with the "A Mini Shai-Hulud has Appeared" description
- Update dependencies: Replace the compromised packages with the latest versions from SAP
"Developers should treat npm package installations with the same caution as executing any unknown executable," advises Johnson Chen, security architect at Socket. "The supply chain remains one of the most vulnerable points in modern software development, and incidents like this highlight the need for better package integrity verification."
SAP has not yet responded to inquiries about how the npm publishing process was compromised, but the company has deprecated the affected versions and presumably is working on a secure publishing process for future package releases.
For more information about the compromised packages, developers can refer to the official SAP CAP documentation and the npm package deprecation notices. Security researchers can find more technical details in the Aikido analysis and Socket security report.
Comments
Please log in or register to join the discussion