GBHackers

Compromised SAP npm Packages Found Harvesting Developer and CI/CD Secrets


Security researchers have identified a severe supply chain attack targeting the SAP developer ecosystem. A threat group identified as TeamPCP has compromised multiple legitimate SAP npm packages in a new campaign named Mini Shai Hulud.

The operation relies on injecting malicious npm preinstall lifecycle scripts that execute silently during dependency installation.

By leveraging a multi-stage payload, the attackers are aggressively harvesting developer credentials and CI/CD secrets while employing advanced propagation techniques to infect additional repositories.

Infection Mechanism and Credential Theft

The attackers created malicious versions of widely used SAP packages, including @cap-js/sqlite, @cap-js/postgres, @cap-js/db-service, and mbt.

Figure: Compromised users by hour, UTC timezone (Source: Wiz)

They modified these libraries to include a preinstall script that automatically launches a dropper file named setup.mjs whenever developers run a standard npm install.

This dropper bypasses typical execution flows by downloading the Bun JavaScript runtime to launch a massive, highly obfuscated payload named execution.js before the package installation even finishes.

Upon execution, the malware acts as a comprehensive credential stealer. It targets developer environments and CI/CD pipelines to collect GitHub tokens, npm credentials, Kubernetes access tokens, and cloud secrets from AWS, Azure, and Google Cloud Platform.

The threat actors even use advanced memory-extraction techniques to extract secrets directly from runner environments. Interestingly, the malware performs an initial system check for Russian language configurations.

If the system locale or environment variables start with a Russian identifier, the payload terminates immediately to prevent data collection from Russian-speaking users.

Stolen information is encrypted with an RSA public key and exfiltrated to attacker-controlled public GitHub repositories via the GitHub GraphQL API, as reported by Wiz.

Browser Targeting and GitHub Poisoning

This campaign introduces notable tactical evolutions for TeamPCP. For the first time, their malware includes capabilities to steal passwords directly from popular web browsers such as Chrome, Safari, Edge, and Brave.

If the primary credential collection fails to find personal access tokens, the malware initiates a fallback propagation routine designed to poison the local GitHub repository. The attackers drop hidden configuration files tailored for modern development tools.

For users of Claude Code, the malware creates specific hook configurations that run the dropper on every new session. For Visual Studio Code users, a customized task configuration executes the payload immediately whenever a project folder is opened.

Security teams are urged to immediately search artifact stores, lockfiles, and CI logs for the affected package versions and for the setup.mjs and execution.js files whose hashes are listed below.

Organizations should rotate all potentially exposed GitHub tokens, cloud credentials, and CI/CD secrets, and actively monitor GitHub activity for unauthorized commits or anomalous repository activity.

Indicators of Compromise

File type     Package              SHA-256 hash
setup.mjs     All 4 packages       4066781fa830224c8bbcc3aa005a396657f9c8f9016f9a64ad44a9d7f5f45e34
execution.js  @cap-js/postgres     eb6eb4154b03ec73218727dc643d26f4e14dfda2438112926bb5daf37ae8bcdb
execution.js  @cap-js/db-service   eb6eb4154b03ec73218727dc643d26f4e14dfda2438112926bb5daf37ae8bcdb
execution.js  @cap-js/sqlite       6f933d00b7d05678eb43c90963a80b8947c4ae6830182f89df31da9f568fea95
execution.js  mbt                  80a3d2877813968ef847ae73b5eeeb70b9435254e74d7f07d8cf4057f0a710ac
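A triage helper for the lockfile and artifact-store search recommended above, added here as an example and not code from the article or from Wiz. It assumes npm's package-lock.json v2/v3 "packages" layout and uses only the package names and hashes from the table above; because the article lists no affected version numbers, every version of those packages is reported for manual review.

```python
import hashlib, json, os, tempfile

# Indicators copied from the article's IoC table; the malicious version numbers are not listed there.
AFFECTED_PACKAGES = {"@cap-js/sqlite", "@cap-js/postgres", "@cap-js/db-service", "mbt"}
MALICIOUS_SHA256 = {
    "4066781fa830224c8bbcc3aa005a396657f9c8f9016f9a64ad44a9d7f5f45e34": "setup.mjs dropper",
    "eb6eb4154b03ec73218727dc643d26f4e14dfda2438112926bb5daf37ae8bcdb": "execution.js (postgres/db-service)",
    "6f933d00b7d05678eb43c90963a80b8947c4ae6830182f89df31da9f568fea95": "execution.js (sqlite)",
    "80a3d2877813968ef847ae73b5eeeb70b9435254e74d7f07d8cf4057f0a710ac": "execution.js (mbt)",
}

def affected_in_lockfile(lock: dict) -> list:
    """(name, version) for each compromised package name in a package-lock.json v2/v3 'packages' map."""
    hits = []  # every version is reported for manual review, since the article gives no version list
    for path, meta in lock.get("packages", {}).items():
        name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
        if name in AFFECTED_PACKAGES:
            hits.append((name, meta.get("version", "unknown")))
    return sorted(hits)

def scan_tree(root: str) -> list:
    """Walk node_modules or an artifact cache; return (path, reason) for hash hits and preinstall hooks."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            full = os.path.join(dirpath, fn)
            if fn in ("setup.mjs", "execution.js"):
                with open(full, "rb") as f:  # compare the file's SHA-256 with the published indicators
                    tag = MALICIOUS_SHA256.get(hashlib.sha256(f.read()).hexdigest())
                if tag:
                    findings.append((full, tag))
            elif fn == "package.json":  # the dropper is launched from the package's preinstall script
                with open(full, encoding="utf-8") as f:
                    try: scripts = json.load(f).get("scripts", {})
                    except (ValueError, AttributeError): continue
                if "setup.mjs" in scripts.get("preinstall", ""):
                    findings.append((full, "preinstall script runs setup.mjs"))
    return findings

def demo() -> list:
    """Constructed sample tree (not a real artifact): a package whose preinstall hook calls setup.mjs."""
    root = tempfile.mkdtemp()
    pkg = os.path.join(root, "node_modules", "@cap-js", "sqlite")
    os.makedirs(pkg)
    with open(os.path.join(pkg, "package.json"), "w") as f:
        json.dump({"name": "@cap-js/sqlite", "scripts": {"preinstall": "node setup.mjs"}}, f)
    with open(os.path.join(pkg, "setup.mjs"), "w") as f:
        f.write("// constructed placeholder; its hash will not match the real dropper\n")
    return sorted(reason for _, reason in scan_tree(root))
```

Run scan_tree against each CI runner's node_modules and every cached tarball extraction; a hash hit or a preinstall hook pointing at setup.mjs is grounds for the credential rotation described above.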
