
Attackers target cloud and development credentials
The trojanized Bitwarden CLI version 2026.4.0 contained a custom loader called bw_setup.js that checks whether the bun package manager is installed and, if so, uses it to execute bw1.js. If bun is not present, the loader downloads and installs it from GitHub.
According to an analysis by security firm JFrog, the malicious payload is designed to detect and collect a broad range of credentials and access tokens from the filesystem, shell environment variables, and GitHub Actions configurations. Targeted credentials include GitHub and npm tokens, AWS and GCP credentials, API keys from MCP and AI agent configurations, Git credentials, SSH keys, and more.
If GitHub tokens are found, the malicious code automatically weaponizes them by contacting https://api.github.com/user and trying several escalation paths, including executing GitHub Actions and listing secrets from their workflows.
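As an added defensive example (not code from the article or from JFrog), the Python triage script below walks a node_modules tree and flags the indicators the article names: the loader file names bw_setup.js and bw1.js, version 2026.4.0 of the CLI, a bun download from GitHub, and a call to api.github.com/user. The npm package name @bitwarden/cli is an assumption, and the fixture built in demo() is constructed, not real malware.

```python
import json
import re
import tempfile
from pathlib import Path

# Indicators taken from the write-up: loader file names, the affected version,
# the bun download from GitHub and the GitHub API call used to test stolen tokens.
SUSPECT_FILES = {"bw_setup.js", "bw1.js"}
AFFECTED_VERSION = "2026.4.0"
PACKAGE_NAME = "@bitwarden/cli"  # assumed npm name of the Bitwarden CLI package
CONTENT_PATTERNS = {
    "bun-bootstrap": re.compile(r"github\.com/\S*bun", re.I),
    "github-user-api": re.compile(r"api\.github\.com/user"),
}

def scan_package(pkg_dir):
    """Return sorted (indicator, relative path) findings for one package directory."""
    pkg_dir, findings = Path(pkg_dir), set()
    manifest = pkg_dir / "package.json"
    if manifest.is_file():
        meta = json.loads(manifest.read_text())
        if meta.get("name") == PACKAGE_NAME and meta.get("version") == AFFECTED_VERSION:
            findings.add(("affected-version", "package.json"))
    for path in pkg_dir.rglob("*.js"):
        rel = path.relative_to(pkg_dir).as_posix()
        if path.name in SUSPECT_FILES:
            findings.add(("loader-filename", rel))
        text = path.read_text(errors="ignore")
        for label, pattern in CONTENT_PATTERNS.items():
            if pattern.search(text):
                findings.add((label, rel))
    return sorted(findings)

def scan_node_modules(root):
    """Scan every package below a node_modules directory; returns {package: findings}."""
    root = Path(root)
    return {m.parent.relative_to(root).as_posix(): hits
            for m in root.rglob("package.json") if (hits := scan_package(m.parent))}

def demo():
    """Constructed fixture (not real malware): one fake package carrying the indicators."""
    root = Path(tempfile.mkdtemp())
    bad, clean = root / "@bitwarden" / "cli", root / "clean"
    bad.mkdir(parents=True); clean.mkdir()
    (bad / "package.json").write_text(json.dumps({"name": PACKAGE_NAME, "version": AFFECTED_VERSION}))
    (bad / "bw_setup.js").write_text("// placeholder: fetch('https://github.com/example/bun/releases')\n")
    (bad / "bw1.js").write_text("fetch('https://api.github.com/user')  // placeholder token check\n")
    (clean / "package.json").write_text('{"name": "clean", "version": "1.0.0"}')
    (clean / "index.js").write_text("module.exports = 1;\n")
    return scan_node_modules(root)
```

Point scan_node_modules() at a real node_modules directory to triage a build host; any hit on the affected version or loader file names should be treated as a credential-exposure incident rather than a cleanup task.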
