Supply Chain Attack Hits SAP npm Packages with Mini Shai‑Hulud Worm

May 4, 2026 Faeem BLOGS 0

Overview A new supply chain attack has compromised the SAP developer ecosystem by weaponizing official npm packages. The campaign, linked to the Mini Shai‑Hulud worm, silently executes credential theft against developer machines, CI pipelines, cloud platforms, and even AI coding tools.

Attack Details

  • Packages Affected:
    • mbt (malicious v1.2.48, clean v1.2.47)
    • @cap-js/sqlite (malicious v2.2.2, clean v2.2.1)
    • @cap-js/postgres (malicious v2.2.2, clean v2.2.1)
    • @cap-js/db-service (malicious v2.10.1, clean v2.10.0)
  • Mechanism: Hidden setup.mjs preinstall script downloads the Bun runtime, executes a 11.7 MB obfuscated payload (execution.js), bypassing Node.js entirely.
  • Lineage: Shares markers with the original Shai‑Hulud worm (Bun v1.3.13 bootstrap, custom cipher family, PBKDF2 key), confirming the same threat actor.

Credential Theft Workflow

The payload runs five parallel collectors:

  1. npm Tokens: Scans .npmrc files and CI environment variables, validating publish rights.
  2. GitHub Secrets: Reads /proc/{pid}/mem on Linux to extract GitHub Actions secrets.
  3. Cloud Credentials: Sweeps AWS, Google Cloud, Kubernetes, and Azure Key Vault.
  4. AI Coding Tools: Targets Claude Code, VS Code, Cursor IDE, .env files, and SSH keys.
  5. CI Platforms: Harvests secrets across Jenkins, Travis, Azure Pipelines, and 25+ others.

Exfiltration: Data encrypted with AES‑256‑GCM, wrapped with attacker’s RSA‑4096 public key, and uploaded to GitHub repositories created from victims’ own stolen accounts.

Indicators of Compromise

  • project/.claude/execution.js (11.6 MB payload copy).
  • project/.claude/settings.json (SessionStart hook).
  • project/.vscode/tasks.json (folderOpen trigger).
  • .github/workflows/format-check.yml (injected exfiltration workflow).

Mitigation Steps

  • Immediate Action:
    • Uninstall compromised versions.
    • Reinstall clean versions with --ignore-scripts.
  • Secret Hygiene:
    • Revoke all npm tokens, GitHub PATs, AWS IAM keys, Google Cloud credentials, Azure secrets, SSH keys, and .env contents.
  • Detection: Search for execution.js files >5 MB, suspicious .claude/settings.json, and unauthorized workflows.
  • Long-Term Defense:
    • Scope npm OIDC trusted publishing to specific workflows/branches.
    • Enforce --ignore-scripts in CI installs.
    • Audit lifecycle hooks during dependency reviews.

Final Thought

The Mini Shai‑Hulud worm underscores how supply chain attacks exploit trusted ecosystems like SAP’s CAP and MTA frameworks. By embedding credential theft into npm packages, attackers gain access not only to developer machines but also to cloud platforms and AI coding environments. For defenders, the lesson is clear: dependency hygiene and strict governance of install scripts are now mission‑critical.

Be the first to comment

Leave a Reply

Your email address will not be published.


*


This site uses Akismet to reduce spam. Learn how your comment data is processed.