A recent cyberattack has targeted the SAP developer community by compromising npm packages, posing a serious threat to developer credentials and cloud services. This sophisticated supply chain attack employs a malicious worm named ‘Mini Shai-Hulud’ to silently steal sensitive information from affected systems.
Worm Infiltrates SAP Ecosystem
The attack impacts four official SAP packages: mbt, @cap-js/sqlite, @cap-js/postgres, and @cap-js/db-service. When a developer or a CI pipeline runs npm install and resolves one of the compromised versions, a preinstall lifecycle script runs automatically, before the package's own files are in place and before anyone has a chance to inspect them. That script downloads the Bun JavaScript runtime and uses it to execute an obfuscated payload that harvests credentials. Because npm runs lifecycle scripts for transitive dependencies as well, a project does not need to depend on these packages directly to be affected.
Mini Shai-Hulud appears to be an evolution of the Shai-Hulud worm first identified in 2025. Analysts from Endor Labs found that the new variant uses the same Bun runtime version, 1.3.13, and similar encryption methods as its predecessor, which points to the same threat actor now turning to SAP's developer ecosystem.
Credential Harvesting Techniques
Upon execution, the payload runs five distinct credential harvesters. The first targets npm tokens: it scans the usual configuration files for them and validates each one against the npm registry, keeping only tokens with publish rights, which are exactly what a worm needs to push itself into further packages.
Subsequent harvesters go after GitHub and cloud credentials, pulling secrets both from memory and from configuration files for AWS, Google Cloud, and Azure. The worm also hunts for credentials belonging to AI coding tools, reading project and user settings for tools such as VS Code and Claude Code.
Mitigation and Future Defense
Developers who suspect their systems were compromised should treat every credential on the machine as exposed and act immediately: rotate npm, GitHub and cloud tokens and revoke the old ones at the issuing service, since replacing them locally does nothing about copies already exfiltrated. Then remove the affected packages, reinstall known-clean versions with npm install --ignore-scripts (or npm ci --ignore-scripts so the lock file is honoured), and audit the system for leftover files, including the downloaded Bun runtime and any unexpected processes.
For long-term defence, restrict npm OpenID Connect (OIDC) trusted publishing to the specific workflows that are supposed to release a package, and enforce --ignore-scripts in CI, for example through ignore-scripts=true in the project's .npmrc, so that no lifecycle script runs during an install. That setting also blocks legitimate install scripts such as native builds, which then have to be run deliberately (for instance with npm rebuild) once the dependency tree has been reviewed. Reactive measures help, but proactive auditing and prompt detection are what limit the damage of the next campaign.
Overall, this attack highlights the critical need for vigilance and robust security practices within the software development lifecycle, particularly in managing dependencies and securing credentials.
