editorially independent. We may make money when you click on links
to our partners.
Learn More
A supply chain attack targeting SAP npm packages is putting enterprise development environments at risk.
Aikido researchers discovered malicious code designed to steal credentials and secrets from developer systems and CI/CD pipelines.
The attack “… harvests local developer credentials, GitHub and npm tokens, GitHub Actions secrets, and cloud secrets from AWS, Azure, GCP, and Kubernetes,” said Raphael Silva, security researcher at Aikido security.
“With LLMs working to ‘make it work’ as fast as possible with little security oversight, organizations need good guardrails that catch dangerous install scripts, risky dependency updates, [and] hardcoded secrets,” said Isaac Evans, co-founder and CEO of Semgrep in an email to eSecurityPlanet.
Inside the SAP npm Package Compromise
This issue affects SAP Cloud Application Programming Model (CAP) and Cloud MTA packages, meaning developers and build systems may have unknowingly executed malicious code during normal dependency installation.
According to researchers, the compromised packages included @cap-js/sqlite v2.2.2, @cap-js/postgres v2.2.2, @cap-js/db-service v2.10.1, and mbt v1.2.48.
How the npm Preinstall Attack Worked
The attack leveraged npm’s preinstall script functionality, which runs automatically during package installation.
In this case, the script executed a loader (setup.mjs) that downloaded the Bun JavaScript runtime and used it to run an obfuscated payload.
This technique allowed the attackers to execute malicious code as part of a routine and trusted development process, requiring no additional user interaction.
Credential Theft and Data Targeting
Once executed, the payload acted as an information stealer, targeting a broad set of sensitive data.
This included npm and GitHub authentication tokens, SSH keys, cloud credentials for AWS, Azure, and Google Cloud, Kubernetes configurations, and CI/CD pipeline secrets.
The malware also attempted to extract secrets directly from CI runner memory, bypassing common protections such as log masking and increasing the likelihood of credential exposure.
Command-and-Control and Propagation Techniques
Researchers also observed that the malware used GitHub as part of its command-and-control (C2) infrastructure.
Stolen data was encrypted and uploaded to repositories under victim accounts, while specially crafted commit messages were used as a dead-drop mechanism to retrieve additional tokens.
The payload also attempted to self-propagate by using stolen credentials to compromise additional npm packages and repositories.
Aikido researchers have linked the activity to the TeamPCP threat group, which has previously conducted similar supply chain attacks against companies like Bitwarden and Checkmarx.
Reducing Risk in Software Supply Chains
As software supply chain attacks become more common, organizations need to take a proactive approach to reducing risk across development environments.
Modern applications rely heavily on third-party packages and automated pipelines, creating multiple opportunities for compromise if not properly secured.
- Remove compromised packages, rebuild affected systems from trusted sources, and rotate all potentially exposed credentials.
- Implement strong dependency controls by pinning versions, verifying package integrity, and using private registries or approved package allowlists.
- Restrict and audit package lifecycle scripts, and limit execution of untrusted code during installation and build processes.
- Enforce least privilege, short-lived tokens, and multi-factor authentication for developer accounts, CI/CD systems, and package repositories.
- Secure CI/CD pipelines with isolated, ephemeral builds, limited network access, and continuous monitoring for anomalous activity.
- Continuously scan, monitor, and analyze dependencies and environments using DevSecOps tools.
- Test incident response plans and use attack simulation tools with scenarios around software supply chain attacks.
These measures help organizations reduce software supply chain exposure and build resilience against emerging threats.
Why Software Supply Chains Are a Target
This attack reflects a broader shift in how threat actors approach initial access.
As organizations increasingly depend on open-source and vendor-managed packages, software supply chains have become a practical entry point for compromise.
By targeting trusted distribution channels, attackers can introduce malicious code into environments through routine processes like dependency installation or updates, often without immediate detection.
These risks are leading organizations to adopt zero trust solutions that help continuously verify access and limit the impact of compromised software dependencies.
