Critical SAP npm Package Vulnerabilities Expose Developer and CI/CD Secrets
Key Takeaways
- A new supply chain attack, dubbed “mini Shai Hulud,” compromised four critical SAP npm packages.
- Malicious preinstall scripts were injected into developer environments and CI/CD pipelines to steal credentials for GitHub, npm, and major cloud providers.
- The attack uses the Bun JavaScript runtime for execution, bypassing traditional Node.js security tooling.
- The malware includes self-propagation capabilities and a geofencing check that terminates execution in Russian-language environments.
- Organizations using SAP Cloud Application Programming Model (CAP) tooling must audit dependencies, rotate secrets, and block compromised package versions immediately.
A sophisticated supply chain attack, dubbed “mini Shai Hulud,” has been uncovered, targeting four widely used npm packages associated with SAP’s Cloud Application Programming Model (CAP). This incident involves the surreptitious injection of malicious scripts into developer environments and CI/CD pipelines, designed to exfiltrate sensitive credentials from platforms like GitHub, npm, and leading cloud providers.
Researchers from StepSecurity, Aikido Security, SafeDep, Socket, and Wiz collaboratively identified that compromised versions of legitimate SAP CAP ecosystem packages—specifically @cap-js/sqlite, @cap-js/postgres, @cap-js/db-service, and mbt—were published containing a weaponized preinstall hook within their package.json files. This hook executes automatically during dependency installation, making the attack highly stealthy.
Distinguishing itself from previous campaigns, this iteration of “mini Shai Hulud” introduces a novel evasion technique. Rather than relying on Node.js to execute its payload, the dropper script, named setup.mjs, downloads and utilizes the Bun JavaScript runtime at the time of installation. This runtime is then employed to execute a heavily obfuscated, 11 MB second-stage payload, execution.js.
This deliberate architectural choice to leverage Bun is strategic. Execution patterns involving Bun largely fall outside the typical detection capabilities of most static analysis tools and security solutions primarily focused on Node.js environments, providing a significant advantage to the attackers.
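One way to close that gap is to alert on process ancestry instead of inspecting the script: any Bun process that descends from an npm install run is suspect. The following is an added example, not code from the researchers or from the malware; the event shape and every sample event, including the command lines and paths, are constructed assumptions.

```javascript
// Added example. Event shape {pid, ppid, argv} is an assumption; map your
// EDR or auditd process-creation fields onto it. All sample events are constructed.
const basename = (p) => p.split(/[\\/]/).pop().toLowerCase().replace(/\.exe$/, '');

const isBun = (e) => basename(e.argv[0]) === 'bun';

// Matches "npm install" as well as "node .../npm-cli.js ci".
const isNpmInstall = (e) =>
  e.argv.slice(0, 2).some((a) => ['npm', 'npm-cli.js'].includes(basename(a))) &&
  e.argv.slice(1).some((a) => ['install', 'i', 'ci'].includes(a));

function findBunUnderInstall(events) {
  const byPid = new Map(events.map((e) => [e.pid, e]));
  const alerts = [];
  for (const e of events.filter(isBun)) {
    const chain = [e];
    const seen = new Set([e.pid]); // guards against loops caused by PID reuse
    let cur = byPid.get(e.ppid);
    while (cur && !seen.has(cur.pid)) {
      chain.push(cur);
      seen.add(cur.pid);
      if (isNpmInstall(cur)) {
        alerts.push({
          pid: e.pid,
          installPid: cur.pid,
          chain: chain.map((c) => c.argv.join(' ')).reverse(),
        });
        break;
      }
      cur = byPid.get(cur.ppid);
    }
  }
  return alerts;
}

const events = [
  { pid: 100, ppid: 1, argv: ['npm', 'ci'] },
  { pid: 101, ppid: 100, argv: ['sh', '-c', 'node setup.mjs'] },
  { pid: 102, ppid: 101, argv: ['node', 'setup.mjs'] },
  { pid: 103, ppid: 102, argv: ['/tmp/x/bun', 'execution.js'] },
  { pid: 200, ppid: 1, argv: ['bun', 'run', 'dev'] }, // deliberate Bun use, not under npm
  { pid: 300, ppid: 1, argv: ['npm', 'run', 'build'] },
  { pid: 301, ppid: 300, argv: ['node', 'build.js'] },
];
console.log(findBunUnderInstall(events));
```

Only the Bun process spawned beneath `npm ci` is reported; a developer running Bun directly is not.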
Multi-Stage Payload and Credential Theft
Upon activation, the setup.mjs script retrieves and launches execution.js, which functions as a comprehensive credential stealer and self-propagation framework. Once deobfuscated, this second-stage payload systematically collects a wide array of sensitive information:
- GitHub tokens and npm credentials from developer workstations.
- Cloud provider secrets, including environment variables for AWS, Azure, and GCP.
- Kubernetes tokens and service account credentials.
- GitHub Actions secrets, even extracting runtime secrets directly from runner memory.
The stolen data is subsequently encrypted and exfiltrated via public GitHub repositories controlled by the attackers, mirroring the exfiltration methods observed in the original Shai-Hulud campaign.
The malware also incorporates propagation logic. Using any stolen npm tokens, it identifies other packages managed by the compromised maintainer’s account, injects malicious code, and then republishes them. This mechanism facilitates an exponential, automated spread throughout the npm ecosystem without requiring direct intervention from the threat actors.
During its initial setup, the malware performs a targeted geofencing check. It examines the system’s date/time locale settings and environment language variables for any values starting with 'ru'. If a Russian language configuration is detected, the malware immediately self-terminates, preventing any data exfiltration from Russian-speaking environments. This specific exclusion is a consistent hallmark across campaigns attributed to TeamPCP.
Researchers have attributed this campaign to TeamPCP with high confidence, citing multiple technical overlaps with previously documented TeamPCP operations that targeted packages such as Trivy, LiteLLM, and Checkmarx KICS. Key indicators supporting this attribution include:
- The use of the identical __decodeScrambled cipher for encoding secrets before posting them to exfiltration repositories.
- The presence of the same Russian-language early-exit logic.
- A shared dropper (setup.mjs — SHA256: 4066781fa830224c8bbcc3aa005a396657f9c8f9016f9a64ad44a9d7f5f45e34) found across all four compromised packages.
- Consistent infrastructure abuse patterns, including install-time execution, off-host exfiltration, and canister-backed self-propagation.
Affected Packages and IOCs
| Package | Version | Tarball SHA256 |
|---|---|---|
| @cap-js/postgres | 2.2.2 | 1d9e4ece8e13c8eaf94cb858470d1bd8f81bb58f62583552303774fa1579edee |
| @cap-js/db-service | 2.10.1 | 258257560fe2f1c2cc3924eae40718c829085b52ae3436b4e46d2565f6996271 |
| @cap-js/sqlite | 2.2.2 | a1da198bb4e883d077a0e13351bf2c3acdea10497152292e873d79d4f7420211 |
| mbt | 1.2.48 | 86282ebcd3bebf50f087f2c6b00c62caa667cdcb53558033d85acd39e3d88b41 |
The common dropper setup.mjs (SHA1: 307d0fa7407d40e67d14e9d5a4c61ac5b4f20431) is embedded within all four identified packages. The execution.js payload for both @cap-js/postgres and @cap-js/db-service is identical (SHA256: eb6eb4154b03ec73218727dc643d26f4e14dfda2438112926bb5daf37ae8bcdb).
Responsible disclosure has been made to the maintainers of all affected packages.
What You Should Do
- Audit Dependencies: Immediately review and audit all CI/CD pipeline dependencies for the compromised versions of @cap-js/postgres (2.2.2), @cap-js/db-service (2.10.1), @cap-js/sqlite (2.2.2), and mbt (1.2.48).
- Block Compromised Versions: Configure your package managers and dependency resolvers to explicitly block the installation and use of the specific malicious versions listed.
- Rotate Credentials: Assume compromise for all secrets present in environments where these packages were used. Promptly rotate all GitHub tokens, npm credentials, cloud provider secrets (AWS, Azure, GCP), Kubernetes tokens, and GitHub Actions secrets.
- Monitor for Bun Runtime: Implement monitoring for unexpected downloads or executions of the Bun JavaScript runtime during npm install operations, as this is a unique indicator of this campaign.
- Review Security Tooling: Evaluate your existing static analysis and runtime security tooling to ensure it can detect and analyze threats involving alternative JavaScript runtimes like Bun.
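For the dependency audit, the check below walks a parsed package-lock.json (flat v2/v3 layout or nested v1 tree) and reports any of the four affected package versions, including transitive ones. It is an added example, not tooling from the researchers; the sample lockfile, including the clean 2.10.0 entry, is constructed.

```javascript
// Added example. Package names and versions are the four listed in this article;
// the sample lockfile below is constructed.
const COMPROMISED = new Map([
  ['@cap-js/postgres', '2.2.2'],
  ['@cap-js/db-service', '2.10.1'],
  ['@cap-js/sqlite', '2.2.2'],
  ['mbt', '1.2.48'],
]);

// Lockfile v2/v3 keys look like "node_modules/a/node_modules/@scope/b".
function nameFromPath(path) {
  const marker = 'node_modules/';
  const i = path.lastIndexOf(marker);
  return i === -1 ? path : path.slice(i + marker.length);
}

function auditLockfile(lock) {
  const hits = [];
  const check = (name, version, where, hasInstallScript) => {
    if (COMPROMISED.has(name) && COMPROMISED.get(name) === version) {
      hits.push({ name, version, where, hasInstallScript });
    }
  };
  // v2/v3: flat "packages" map; the "" key is the root project itself.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === '') continue;
    check(meta.name || nameFromPath(path), meta.version, path, meta.hasInstallScript === true);
  }
  // v1: nested "dependencies" tree, which does not record install scripts.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      check(name, meta.version, [...trail, name].join(' > '), null);
      walk(meta.dependencies, [...trail, name]);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

const sampleLock = { // constructed
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/@cap-js/sqlite': { version: '2.2.2', hasInstallScript: true },
    'node_modules/@cap-js/db-service': { version: '2.10.0' },
    'node_modules/tool/node_modules/mbt': { version: '1.2.48', hasInstallScript: true },
  },
};
console.log(auditLockfile(sampleLock));
```

To audit a real project, pass the result of `JSON.parse` on its package-lock.json to `auditLockfile`; a non-empty result means the environment that installed it should be treated as exposed.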