SAP npm Packages Compromised in Supply Chain Attack: Credentials at Risk
Multiple official **SAP** npm packages have been compromised in a suspected supply chain attack, potentially linked to the **TeamPCP** threat actor. The attack aimed to steal sensitive credentials and authentication tokens from developers' systems, impacting enterprise development environments.

### Compromised Packages
Security researchers have identified four compromised packages, now deprecated on NPM:
* `@cap-js/sqlite` v2.2.2
* `@cap-js/postgres` v2.2.2
* `@cap-js/db-service` v2.10.1
* `mbt` v1.2.48

These packages support **SAP**'s Cloud Application Programming Model (CAP) and Cloud MTA, widely used in enterprise development.
### Attack Vector
According to reports by **Aikido** and **Socket**, the compromised packages contained a malicious 'preinstall' script. This script executes automatically upon package installation, launching a loader named `setup.mjs`. The loader downloads the Bun JavaScript runtime from GitHub and uses it to execute a heavily obfuscated `execution.js` payload.
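A defender checking whether a project pulled in one of the four versions listed above, or any dependency that runs install-time lifecycle scripts, can audit the lockfile offline. The following is an added example written for this article, not code from SAP, Aikido or Socket; the `package-lock.json` and `package.json` contents are constructed samples, and the only page-specific values are the four package versions and the `setup.mjs` loader name.

```python
import json

# Package versions named in the Aikido/Socket reports (from the article).
COMPROMISED = {
    "@cap-js/sqlite": {"2.2.2"},
    "@cap-js/postgres": {"2.2.2"},
    "@cap-js/db-service": {"2.10.1"},
    "mbt": {"1.2.48"},
}

# npm's install-time lifecycle hooks; "preinstall" is the one abused here.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")

# Constructed sample lockfile (lockfileVersion 3: "packages" keyed by path).
SAMPLE_LOCK = json.dumps({
    "name": "demo-cap-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-cap-app", "version": "1.0.0"},
        "node_modules/@cap-js/sqlite": {"version": "2.2.2", "hasInstallScript": True},
        "node_modules/@cap-js/db-service": {"version": "2.9.0"},
        "node_modules/mbt": {"version": "1.2.48", "hasInstallScript": True},
        "node_modules/left-pad": {"version": "1.3.0"},
    },
})

# Constructed sample package.json of a dependency with a preinstall loader.
SAMPLE_PKG = json.dumps({"name": "x", "version": "0.0.1",
                         "scripts": {"preinstall": "node setup.mjs", "test": "jest"}})

def package_name(path):
    """'node_modules/a/node_modules/@scope/b' -> '@scope/b' (handles nesting)."""
    return path.rsplit("node_modules/", 1)[-1]

def audit_lock(lock_text):
    """Return (compromised, install_scripts): entries pinned at a known-bad
    version, and entries npm flagged as carrying install-time scripts."""
    lock = json.loads(lock_text)
    compromised, install_scripts = [], []
    for path, meta in lock.get("packages", {}).items():
        if not path:
            continue  # "" is the root project, not a dependency
        name, version = package_name(path), meta.get("version")
        if version in COMPROMISED.get(name, set()):
            compromised.append((name, version))
        if meta.get("hasInstallScript"):
            install_scripts.append((name, version))
    return compromised, install_scripts

def install_hooks(pkg_json_text):
    """List the install-time lifecycle hooks declared in a package.json."""
    scripts = json.loads(pkg_json_text).get("scripts", {})
    return [h for h in INSTALL_HOOKS if h in scripts]
```

Entries in the `install_scripts` list deserve a look even when their version is not on the known-bad list; installing with `npm ci --ignore-scripts` keeps such hooks from running at all.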
### Information Stealing Payload
The payload functions as an information stealer, targeting a wide range of credentials from both developer machines and CI/CD environments, including:
* npm and GitHub authentication tokens
* SSH keys and developer credentials
* Cloud credentials for **AWS**, **Azure**, and **Google Cloud**
* Kubernetes configuration and secrets
* CI/CD pipeline secrets and environment variables
The malware also attempts to extract secrets directly from the CI runner's memory, similar to previous **TeamPCP** attacks.
> "On CI runners, the payload executes an embedded Python script that reads /proc/<pid>/maps and /proc/<pid>/mem for the Runner.Worker process to extract every secret matching 'key' :{ 'value': '...', 'isSecret':true} directly from runner memory, bypassing all log masking applied by the CI platform," explains Socket.
### GitHub as a Data Exfiltration and Dead-Drop Mechanism
Collected data is encrypted and uploaded to public GitHub repositories under the victim's account. These repositories include the description, "A Mini Shai-Hulud has Appeared," reminiscent of the **Bitwarden** supply chain attack.

*Github repos created with a description of "A Mini Shai-Hulud has Appeared"*
*Source: Aikido*
The malware also utilizes GitHub commit searches as a dead-drop mechanism to retrieve tokens.
> "The malware searches GitHub commits for this string and uses matching commit messages as a token dead-drop," explains Aikido.
>
> "Commit messages matching OhNoWhatsGoingOnWithGitHub:<base64> are decoded into GitHub tokens and checked for repository access."
### Self-Propagation
Similar to prior attacks, the payload includes code to self-propagate to other packages. Using stolen npm or GitHub credentials, it attempts to modify other packages and repositories it gains access to, injecting the same malicious code to further spread the compromise.
### Attribution
Researchers assess with medium confidence that **TeamPCP** is behind this attack, citing similar code and tactics used in previous supply-chain attacks against **Trivy**, **Checkmarx**, and **Bitwarden**.
### Investigation Underway
The method used to compromise **SAP**'s npm publishing process remains unclear. One security engineer suggested that an NPM token may have been exposed via a misconfigured **CircleCI** job.
**SAP** has yet to respond to requests for comment regarding the incident.