Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal credentials and authentication tokens from developers' systems.

Security researchers report that the compromise impacted four packages, with the affected versions now deprecated on npm:

@cap-js/sqlite – v2.2.2

@cap-js/postgres – v2.2.2

@cap-js/db-service – v2.10.1

mbt – v1.2.48

The three @cap-js packages are the database service layer and the SQLite and PostgreSQL adapters for SAP's Cloud Application Programming Model (CAP), and mbt is the Cloud MTA Build Tool; all are commonly used in SAP enterprise development.

According to new reports by Aikido and Socket, the compromised packages were modified to include a malicious 'preinstall' lifecycle script, which npm executes automatically when the package is installed.

This script launches a loader named setup.mjs that downloads the Bun JavaScript runtime from GitHub and uses it to execute a heavily obfuscated execution.js payload.

The payload is an information-stealer used to steal a wide variety of credentials from both developer machines and CI/CD environments, including:

npm and GitHub authentication tokens

SSH keys and developer credentials

Cloud credentials for AWS, Azure, and Google Cloud

Kubernetes configuration and secrets

CI/CD pipeline secrets and environment variables

The malware also attempts to extract secrets directly from the CI runner's memory, similar to how TeamPCP extracted credentials in earlier supply-chain attacks.

"On CI runners, the payload executes an embedded Python script that reads /proc/<pid>/maps and /proc/<pid>/mem for the Runner.Worker process to extract every secret matching "key": {"value": "...", "isSecret": true} directly from runner memory, bypassing all log masking applied by the CI platform," explains Socket.

"This memory scanner for secrets is structurally identical to the one documented in the Bitwarden and Checkmarx incidents."

Once data is collected, it is encrypted and uploaded to public GitHub repositories created under the victim's account. These repositories carry the description "A Mini Shai-Hulud has Appeared", which echoes the "Shai-Hulud: The Third Coming" string seen in the Bitwarden supply-chain attack.

The malware also relies on GitHub commit searches as a dead-drop mechanism to retrieve tokens and gain further access.

"The malware searches GitHub commits for this string and uses matching commit messages as a token dead-drop," explains Aikido.

"Commit messages matching OhNoWhatsGoingOnWithGitHub: are decoded into GitHub tokens and checked for repository access."

As in the earlier supply-chain attacks it resembles, the deployed payload also includes code to self-propagate to other packages.

Using stolen npm or GitHub credentials, it attempts to modify other packages and repositories it can reach, injecting the same malicious code to spread further.

Researchers have linked this attack with medium confidence to the TeamPCP threat actors, who used similar code and tactics in supply-chain attacks against Trivy, Checkmarx, and Bitwarden.

While it is unclear how the threat actors compromised SAP's npm publishing process, security engineer Adnan Khan reports that an npm token may have been exposed via a misconfigured CircleCI job.

BleepingComputer contacted SAP to learn how the npm packages were compromised, but did not receive a reply at the time of publication.