Cybersecurity experts have raised alarms regarding a new supply chain attack affecting SAP-associated npm packages. The attack, identified by several security firms including Aikido Security and Google-owned Wiz, involves malware designed to steal credentials from affected systems.
The malicious operation, dubbed ‘mini Shai-Hulud,’ compromises specific packages within SAP’s JavaScript and cloud application development suite. These include versions of ‘[email protected],’ ‘@cap-js/[email protected],’ ‘@cap-js/[email protected],’ and ‘@cap-js/[email protected].’
Malicious Code and Execution
According to security reports, the compromised packages introduce unexpected installation behaviors. A preinstall script downloads and executes a platform-specific Bun ZIP file from GitHub, which is then used to initiate the malware. The script also follows HTTP redirects without proper validation, posing significant risks to developers and their environments.
Indicators suggest that these packages share features with known TeamPCP operations, hinting at the involvement of the same threat actor. The attack leverages a ‘setup.mjs’ file to run the Bun JavaScript runtime, which facilitates the execution of credential-stealing scripts.
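The install-time behavior described above can be audited before anything runs. The following is an added example, not code from the cited reports or from the affected packages: it lists install hooks in a parsed package.json and packages that npm's lockfile (version 2 or 3) marks with hasInstallScript. The function names, tag names, heuristics, and sample data are assumptions made for illustration.

```javascript
// Added example: audit npm install-time hooks. Sample data is constructed.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Heuristics based on the behavior reported above: a hook that runs a
// setup.mjs file, invokes Bun, or fetches something over the network.
const SUSPICIOUS = [
  { tag: "runs-setup-mjs", re: /\bsetup\.mjs\b/i },
  { tag: "invokes-bun", re: /\bbunx?\b/i },
  { tag: "network-fetch", re: /\b(curl|wget|https?:\/\/)/i },
];

// Inspect one parsed package.json and return its install-time hooks,
// each with the heuristic tags its command matched.
function auditManifest(manifest) {
  const scripts = manifest.scripts || {};
  return INSTALL_HOOKS.filter((h) => typeof scripts[h] === "string").map((hook) => ({
    name: manifest.name,
    version: manifest.version,
    hook,
    command: scripts[hook],
    tags: SUSPICIOUS.filter((s) => s.re.test(scripts[hook])).map((s) => s.tag),
  }));
}

// Inspect a parsed package-lock.json and list packages flagged with
// hasInstallScript that are not on the reviewed allowlist.
function auditLockfile(lock, allowlist = []) {
  const allowed = new Set(allowlist);
  return Object.entries(lock.packages || {})
    .filter(([path, meta]) => path !== "" && meta.hasInstallScript === true)
    .map(([path, meta]) => ({ name: path.split("node_modules/").pop(), version: meta.version }))
    .filter((p) => !allowed.has(p.name));
}

// Constructed sample input (hypothetical package names).
const SAMPLE_MANIFEST = { name: "example-pkg", version: "1.0.0",
  scripts: { preinstall: "node setup.mjs", test: "node test.js" } };
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "app", version: "0.0.1" },
    "node_modules/example-pkg": { version: "1.0.0", hasInstallScript: true },
    "node_modules/@example/native": { version: "2.1.0", hasInstallScript: true },
    "node_modules/plain-lib": { version: "3.0.0" },
  },
};
console.log(auditManifest(SAMPLE_MANIFEST));
console.log(auditLockfile(SAMPLE_LOCK, ["@example/native"]));
```

To use it on a real project, pass in the result of JSON.parse on the project's package-lock.json and review every package it reports. Installing with `npm ci --ignore-scripts` prevents lifecycle hooks from running while that review takes place.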
Data Harvesting and Propagation
The malware targets various credentials, including local developer information, GitHub tokens, and cloud secrets from major providers like AWS and Azure. Extracted data is encrypted and uploaded to GitHub repositories under the victim’s account, with over 1,100 repositories documented to date.
Notably, the attack’s payload can self-propagate, utilizing GitHub and npm tokens to insert malicious workflows into repositories. This allows attackers to access repository secrets and publish tampered npm packages.
Response and Mitigation
Investigations revealed that attackers compromised specific accounts to publish the malicious packages, exploiting configuration gaps in npm’s OIDC trusted publisher setup. As a defensive measure, package maintainers have issued secure updates to replace the affected versions.
StepSecurity highlighted that this attack is among the first to exploit AI coding agent configurations as a vector for persistence and spread. The compromised payload embeds itself into repositories, triggering execution when opened in development environments like Microsoft Visual Studio Code.
In summary, this incident underscores the need for robust security measures in software supply chains and highlights the evolving tactics of cyber adversaries. Organizations are urged to update affected packages and review security configurations to prevent similar breaches.
