Official SAP npm packages compromised to steal credentials
Source: Bleeping Computer

Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply‑chain attack to steal credentials and authentication tokens from developers’ systems.
Compromised Packages
The attack impacted four packages, all of which have been deprecated on npm:
- @cap-js/sqlite – v2.2.2
- @cap-js/postgres – v2.2.2
- @cap-js/db-service – v2.10.1
- mbt – v1.2.48
These packages support SAP’s Cloud Application Programming Model (CAP) and Cloud MTA, which are commonly used in enterprise development.
Malicious Payload
According to reports by Aikido and Socket, the compromised packages were modified to include a malicious preinstall script that runs automatically when the npm package is installed.
The script:
- Launches a loader named setup.mjs.
- Downloads the Bun JavaScript runtime from GitHub.
- Uses Bun to execute a heavily obfuscated execution.js payload.
The payload is an information‑stealer that extracts a wide variety of credentials from both developer machines and CI/CD environments, including:
- npm and GitHub authentication tokens
- SSH keys and developer credentials
- Cloud credentials for AWS, Azure, and Google Cloud
- Kubernetes configuration and secrets
- CI/CD pipeline secrets and environment variables
On CI runners, the payload also runs an embedded Python script that reads /proc/<pid>/maps and /proc/<pid>/mem for the Runner.Worker process to pull every secret matching "key": { "value": "...", "isSecret": true } directly from memory, bypassing the log masking applied by the CI platform. This technique mirrors the memory scanner used in previous TeamPCP attacks.
Data Exfiltration
Collected data is encrypted and uploaded to public GitHub repositories under the victim’s account. The repositories are created with the description:
A Mini Shai‑Hulud has Appeared
This phrasing is similar to the “Shai‑Hulud: The Third Coming” string seen in the Bitwarden supply‑chain attack.
GitHub repos created with a description of “A Mini Shai‑Hulud has Appeared” – Source: Aikido
Dead‑Drop Mechanism
The malware also relies on GitHub commit searches as a dead‑drop mechanism to retrieve tokens and gain further access. It looks for commit messages containing a specific string, e.g.:
OhNoWhatsGoingOnWithGitHub:
The base64 payload is decoded into a GitHub token, which is then used to access repositories.
Propagation
Similar to earlier supply‑chain attacks, the payload includes code to self‑propagate to other packages. Using stolen npm or GitHub credentials, it attempts to modify additional packages and repositories it can access, injecting the same malicious preinstall script to spread further.
Attribution
Researchers have linked this attack with medium confidence to the TeamPCP threat actors, who employed comparable code and tactics in previous supply‑chain attacks against Trivy, Checkmarx, and Bitwarden.
While the exact method of compromising SAP’s npm publishing process remains unclear, Security Engineer Adnan Khan reported that an npm token may have been exposed via a misconfigured CircleCI job.
Response
BleepingComputer reached out to SAP for comment on how the npm packages were compromised but had not received a reply at the time of publication.