SAP-Linked npm Packages Compromised in Credential-Stealing Supply Chain Attack

Cybersecurity experts have uncovered a sophisticated supply chain attack targeting SAP-related npm packages, exposing developers and enterprise environments to large-scale credential theft.

The campaign, identified as “Mini Shai-Hulud,” has been linked to techniques previously associated with the TeamPCP threat actor group.

Compromised Packages in SAP Ecosystem

The attack impacted several widely used packages within SAP’s JavaScript and cloud development ecosystem, including:

  • mbt@1.2.48
  • @cap-js/db-service@2.10.1
  • @cap-js/postgres@2.2.2
  • @cap-js/sqlite@2.2.2

These packages are commonly used in enterprise-grade application development, increasing the scale and severity of the attack.

Malicious Behavior Introduced During Installation

The compromised versions introduced a hidden preinstall script that executes automatically during package installation.

This script performs several malicious actions:

  • Downloads a platform-specific runtime from external sources
  • Extracts and executes a binary without validation
  • Follows redirects without verifying their legitimacy
  • Uses PowerShell execution bypass techniques on Windows systems

This behavior allows attackers to run unauthorized code within developer machines and CI/CD pipelines.

Credential Theft and Data Exfiltration

The malware is designed to harvest a wide range of sensitive data, including:

  • Developer credentials stored locally
  • GitHub tokens and repository secrets
  • npm authentication tokens
  • Cloud credentials from AWS, Azure, and Google Cloud
  • Kubernetes configuration secrets

Stolen data is encrypted using strong cryptographic methods and then exfiltrated by creating public repositories on the victim’s own GitHub account, making detection more difficult.

Self-Propagation Mechanism

One of the most alarming features of this attack is its ability to spread automatically.

Using stolen tokens, the malware:

  • Injects malicious workflows into GitHub repositories
  • Publishes infected package versions to npm
  • Expands its reach across development pipelines

This transforms compromised systems into distribution points for further attacks.

Persistence Through Developer Tools

The campaign introduces persistence techniques targeting modern development environments.

Malicious configurations are injected into:

  • Visual Studio Code settings
  • AI coding assistants such as Claude-based tools

These modifications ensure that the malware executes automatically when developers open infected projects.

Advanced Evasion Techniques

The attackers implemented several sophisticated evasion methods:

  • Encryption using AES-256-GCM combined with RSA-4096
  • Automatic shutdown on systems configured with Russian locale
  • Use of trusted platforms like GitHub as command-and-control infrastructure

These techniques make detection and attribution significantly more challenging.

Root Cause of the Breach

Investigations revealed that attackers gained access to package maintainers’ accounts and exploited weaknesses in CI/CD configurations.

A key issue involved improper configuration of npm’s OIDC trusted publishing system. This allowed attackers to generate valid publishing tokens from unauthorized workflows, enabling them to upload malicious package versions without detection.

Response and Remediation

Maintainers have released secure versions of the affected packages to replace compromised releases. Developers are strongly advised to upgrade immediately.

Additional recommended actions include:

  • Rotating all exposed credentials
  • Reviewing CI/CD pipeline configurations
  • Auditing dependencies for unauthorized changes
  • Monitoring GitHub repositories for suspicious activity

Security Implications

This incident highlights the increasing use of trusted platforms like GitHub as channels for data exfiltration and malware distribution.

Because such platforms are essential for development workflows, blocking them is not practical, making these attacks particularly difficult to defend against.
