SAP npm Packages Compromised in Malware Attack
In a concerning development for the software development community, several SAP-related npm packages have been compromised by a credential-stealing malware known as 'Mini Shai-Hulud'. This incident, reported by cybersecurity firms including Aikido Security, SafeDep, and Google-owned Wiz, underscores the persistent threat of malware within software supply chains.
Details of the 'Mini Shai-Hulud' Malware
The 'Mini Shai-Hulud' malware was discovered to have infiltrated SAP's npm packages, introducing unexpected installation-time behavior. According to Socket, the malicious versions of these packages added a preinstall script that functions as a runtime bootstrapper. This script downloads a platform-specific Bun ZIP from GitHub Releases, extracts it, and immediately executes the Bun binary.
The malware's mode of operation is particularly concerning as it follows HTTP redirects without validating the destination, and on Windows systems, it uses PowerShell with -ExecutionPolicy Bypass, significantly increasing the risk to developers and Continuous Integration/Continuous Deployment (CI/CD) environments.
Impact and Methodology of the Attack
The suspicious packages were uploaded on April 29, 2026, during a brief window between 09:55 UTC and 12:14 UTC. These compromised versions introduced a preinstall hook in the package.json file, which executes a file named "setup.mjs". This file acts as a loader for the Bun JavaScript runtime to run the credential-stealing components.
Aikido Security reports that the malware is designed to harvest a wide range of sensitive credentials, including local developer credentials, GitHub and npm tokens, and secrets from cloud services such as AWS, Azure, and Google Cloud Platform (GCP), as well as Kubernetes. The stolen data is then encrypted and exfiltrated to public GitHub repositories, created on the victim’s account with a description "A Mini Shai-Hulud has Appeared." To date, over 1,100 such repositories have been identified.
Propagation and Self-Replication Mechanisms
The malware's 11.6 MB payload includes mechanisms for self-propagation through developer workflows. It utilizes stolen GitHub and npm tokens to inject malicious workflows into the victim's repositories, allowing it to steal repository secrets and publish further compromised versions of npm packages to the registry.
StepSecurity highlighted that this attack is one of the first to target AI coding agent configurations as a vector for persistence and propagation, marking a significant evolution in the tactics used by cybercriminals.
Analysis of the Attack Vector
Further investigation revealed that the attackers initially compromised an account belonging to RoshniNaveenaS for three "@cap-js" packages. They then pushed a modified workflow to a non-main branch, utilizing the extracted npm OpenID Connect (OIDC) token to publish the malicious packages without provenance.
In the case of the "mbt" package, it is suspected that the attackers compromised the "cloudmtabot" static npm token through an as-yet-undetermined method. The cds-dbs team had migrated to npm OIDC trusted publishing in November 2025, but the attackers were able to manually reproduce this token exchange in a CI step, highlighting a critical configuration vulnerability.
Response and Mitigation Efforts
The maintainers of the affected packages have responded by releasing new, safe versions that supersede the compromised releases. However, this incident serves as a stark reminder of the vulnerabilities present in software supply chains, particularly concerning the handling and security of developer credentials and tokens.
In addition to patching the compromised packages, developers and organizations are urged to review their security configurations, especially those related to OIDC token exchanges and GitHub Actions workflows, to prevent similar incidents in the future.
Lessons and Future Implications
This attack highlights the need for robust security measures in software development environments. As the use of AI and cloud-based tools becomes more prevalent in coding and development, the attack surface for cybercriminals increases significantly.
Organizations must prioritize securing their CI/CD pipelines and ensuring that all dependencies and package management systems are constantly monitored for vulnerabilities. The adoption of zero-trust architectures and the use of security tools that can detect and mitigate such threats in real-time will be crucial in safeguarding against future attacks.
Looking ahead, the software industry must remain vigilant and proactive in addressing the evolving tactics of cybercriminals. With incidents like 'Mini Shai-Hulud', it is clear that the threat landscape is becoming increasingly complex, requiring a concerted effort from developers, security professionals, and organizations to stay ahead of potential vulnerabilities.