Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
AI-powered Forg365 Phishing Platform Targets Microsoft 365 Accounts
July 11, 2026
Dell BIOS Critical Flaw Exposes Admin Passwords From SPI Flash
July 11, 2026
CISA Report Details Lessons Learned From AWS GovCloud Credential Leak
July 11, 2026
Home/Threats/Critical SAP npm Vulnerabilities Let Attackers Steal GitHub, Cloud, AI Secrets
Threats

Critical SAP npm Vulnerabilities Let Attackers Steal GitHub, Cloud, AI Secrets

Key Takeaways A sophisticated supply chain attack, dubbed “Mini Shai-Hulud,” is actively targeting the SAP developer ecosystem through malicious npm packages. The worm is designed to...

Jennifer sherman
Jennifer sherman
May 4, 2026 4 Min Read
50 0

Key Takeaways

  • A sophisticated supply chain attack, dubbed “Mini Shai-Hulud,” is actively targeting the SAP developer ecosystem through malicious npm packages.
  • The worm is designed to steal sensitive credentials, including GitHub tokens, cloud platform access keys (AWS, Google Cloud, Azure), and secrets from AI coding tools.
  • Four official SAP npm packages were compromised: mbt, @cap-js/sqlite, @cap-js/postgres, and @cap-js/db-service.
  • Developers and CI/CD pipelines that installed specific malicious versions of these packages are at high risk of full credential compromise.
  • Immediate action is required to identify compromised systems, revoke exposed credentials, and implement enhanced security measures.

Attackers Leverage Malicious npm Packages to Compromise SAP Developer Ecosystem

A new, critical supply chain attack has been identified, actively compromising the SAP developer ecosystem. This campaign utilizes poisoned npm packages to infiltrate systems and exfiltrate highly sensitive data, including credentials for GitHub, various cloud platforms, and AI coding tools. The details of this sophisticated operation were recently unveiled in a comprehensive report.

Table Of Content

  • Key Takeaways
  • Attackers Leverage Malicious npm Packages to Compromise SAP Developer Ecosystem
  • The “Mini Shai-Hulud” Worm
  • Tracing the Threat Actor
  • How the Worm Collects and Exfiltrates Credentials
  • npm Token Harvesting
  • GitHub and Cloud Credential Collection
  • AI Coding Tool and CI Environment Targeting
  • What You Should Do

The “Mini Shai-Hulud” Worm

The malicious campaign employs a worm known as “Mini Shai-Hulud.” This stealthy malware activates a preinstall script that executes silently before an npm install command fully completes. Its primary objective is to steal credentials from developer workstations, cloud environments, and AI-assisted coding tools.

The attack specifically targeted four legitimate, SAP-published npm packages:

  • mbt (malicious version: 1.2.48, last clean version: 1.2.47)
  • @cap-js/sqlite (malicious version: 2.2.2, last clean version: 2.2.1)
  • @cap-js/postgres (malicious version: 2.2.2, last clean version: 2.2.1)
  • @cap-js/db-service (malicious version: 2.10.1, last clean version: 2.10.0)

When a developer or a CI/CD pipeline executes npm install on one of these compromised versions, a hidden setup.mjs script is triggered. This script downloads the Bun JavaScript runtime and then executes an obfuscated 11.7 MB payload named execution.js, which then proceeds to steal credentials without relying on Node.js.

Tracing the Threat Actor

Analysts at Endor Labs were instrumental in identifying this malware as a direct evolution of the original Shai-Hulud worm, which was first documented in April 2025. The researchers observed significant commonalities between the two campaigns, including the use of the same Bun v1.3.13 runtime bootstrap, an identical custom cipher family (ctf-scramble-v2), and the same PBKDF2 key (5012caa5847ae…). These shared indicators strongly suggest that the same threat actor is behind this new offensive, targeting SAP’s CAP and MTA developer ecosystems with a refined focus on credential theft and a different propagation method.

These four affected packages are integral to the dependency trees of CAP-based applications widely deployed across SAP BTP. Consequently, any developer who installed a compromised version on a machine containing cloud credentials or GitHub tokens should assume all secrets on that host have been fully exposed.

How the Worm Collects and Exfiltrates Credentials

The malicious payload operates by deploying five distinct credential harvesting modules in parallel, designed to maximize data exfiltration.

npm Token Harvesting

The first module targets npm tokens. It systematically scans npmrc files located in the user’s home directory, the project root, and within CI environment variables. Crucially, collected tokens are then validated against the npm registry API to verify their publishing capabilities, as only publish-enabled tokens facilitate the worm’s replication and broader spread.

GitHub and Cloud Credential Collection

The second and third modules focus on GitHub and cloud service credentials. On Linux systems, the payload attempts to read /proc/{pid}/mem to extract in-memory secrets from GitHub Actions. It also performs a comprehensive sweep of AWS credential files, queries GetCallerIdentity for IAM context, scans Google Cloud Secret Manager, reads Kubernetes service account JSON files, and collects Azure Key Vault credentials.

AI Coding Tool and CI Environment Targeting

The fourth collector is specifically designed to target AI coding tools. The payload checks 136 hardcoded paths for configuration files related to Claude Code (e.g., project/.claude/settings.json) and VS Code task files (project/.vscode/tasks.json). It also targets Cursor IDE state files, shell history, .env files, and SSH private keys. In continuous integration environments, the worm expands its reach to over 25 platforms, including popular services like Jenkins, Travis, and Azure Pipelines.

Indicators of compromise (IoCs) related to persistence include:

  • project/.claude/execution.js: An 11.6 MB copy of the payload for persistence.
  • project/.claude/settings.json: Presence of a SessionStart hook.
  • project/.vscode/tasks.json: A folderOpen trigger pointing to the .claude/ directory.
  • project/.github/workflows/format-check.yml: An injected workflow designed for credential exfiltration.

All exfiltrated data is encrypted using AES-256-GCM. The encryption key is then wrapped with the attacker’s RSA-4096 public key before the encrypted data is uploaded to a GitHub “dead-drop” repository. This repository is created using the victim’s own stolen GitHub account, effectively turning the victim’s account into an exfiltration channel.

What You Should Do

  • Assume Full Compromise: If any of the listed malicious versions were installed on a system, consider all secrets on that host to be fully compromised.
  • Uninstall and Reinstall: Immediately uninstall each affected package. Reinstall the clean versions using the --ignore-scripts flag to prevent any preinstall scripts from executing.
  • Scan for IoCs: Search all projects on affected machines for the following indicators:
    • execution.js files larger than 5 MB.
    • .claude/settings.json files containing a SessionStart hook.
    • Any format-check.yml workflow file not authored by your team.
  • Revoke All Credentials: Urgently revoke all potentially exposed credentials from the affected host. This includes, but is not limited to, npm publish tokens, GitHub Personal Access Tokens (PATs), AWS IAM keys, Google Cloud service account credentials, Azure client secrets, SSH private keys, and the contents of all .env files.
  • Enhance CI/CD Security: For long-term defense, scope npm OIDC trusted publishing to specific workflow files on specific branches, rather than granting broad repository-wide access.
  • Enforce Script Ignoring: Mandate the use of the --ignore-scripts flag for all npm install commands in CI/CD pipelines.
  • Regular Dependency Audits: Review lifecycle hooks during routine dependency audits to identify any suspicious or unexpected script executions. The rapid detection window of approximately two hours for this attack highlights that reactive takedowns alone are insufficient protection.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackMalwareThreat

Share Article

Jennifer sherman

Jennifer sherman

Jennifer is a cybersecurity news reporter covering data breaches, ransomware campaigns, and dark web markets. With a background in incident response, Jennifer provides unique insights into how organizations respond to cyber attacks and the evolving tactics of threat actors. Her reporting has covered major breaches affecting millions of users and has helped organizations understand emerging threats. Jennifer combines technical knowledge with investigative journalism to deliver in-depth coverage of cybersecurity incidents.

Previous Post

CISA Warns of Critical Linux Kernel CVE-2024-XXXX Zero-Day Exploited in Attacks

Next Post

DOJ Sentences Two Americans to Prison for ALPHV BlackCat Ransomware Attacks

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Critical OpenClaw Vulnerability Lets Attackers Hijack WhatsApp Via One Message
July 11, 2026
Progress Urges ShareFile Server Shutdown Over Critical Vulnerability
July 11, 2026
Critical Citrix Bleed Vulnerability Exploited for Ransomware Attacks
July 11, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us