Official SAP npm packages compromised to steal credentials

A sophisticated supply-chain attack has targeted multiple official SAP npm packages, with security researchers attributing the compromise to the TeamPCP threat group. The attack specifically aimed to harvest credentials and authentication tokens from developer systems through malicious code injection.

The security breach affected four critical packages, all of which have since been deprecated on NPM:

• @cap-js/sqlite – v2.2.2
• @cap-js/postgres – v2.2.2
• @cap-js/db-service – v2.10.1
• mbt – v1.2.48

These packages serve as essential components for SAP's Cloud Application Programming Model (CAP) and Cloud MTA frameworks, which are widely adopted in enterprise development environments.

Comprehensive security analysis conducted by Aikido and Socket reveals that the attackers injected malicious 'preinstall' scripts into these packages. These scripts execute automatically during the npm installation process, triggering a sophisticated multi-stage payload delivery system.

The attack mechanism begins with a loader script called setup.mjs, which downloads the Bun JavaScript runtime from GitHub and subsequently executes a heavily obfuscated payload named execution.js. This sophisticated approach demonstrates the attackers' technical expertise and understanding of modern development workflows.

The malicious payload functions as a comprehensive information-stealing tool, targeting various types of sensitive data across development and production environments:

• npm and GitHub authentication tokens
• SSH keys and developer credentials
• Cloud service credentials for AWS, Azure, and Google Cloud platforms
• Kubernetes configuration files and secrets
• CI/CD pipeline secrets and environment variables

The malware employs particularly advanced techniques when operating in CI/CD environments. According to Socket's analysis, the payload executes an embedded Python script that directly reads process memory to extract secrets, stating: "On CI runners, the payload executes an embedded Python script that reads /proc//maps and /proc//mem for the Runner.Worker process to extract every secret matching 'key' :{ 'value': '...', 'isSecret':true} directly from runner memory, bypassing all log masking applied by the CI platform."

This memory-scanning capability mirrors techniques documented in previous TeamPCP attacks against Bitwarden and Checkmarx, providing strong evidence of the group's continued evolution and sophistication.

Once collected, the stolen data undergoes encryption and is subsequently uploaded to public GitHub repositories under the victim's account. These repositories feature the distinctive description "A Mini Shai-Hulud has Appeared," which aligns with the "Shai-Hulud: The Third Coming" signature observed in the Bitwarden supply-chain incident.

The attack also incorporates a clever dead-drop mechanism using GitHub's commit search functionality. As Aikido explains: "The malware searches GitHub commits for this string and uses matching commit messages as a token dead-drop. Commit messages matching OhNoWhatsGoingOnWithGitHub: are decoded into GitHub tokens and checked for repository access."

Beyond data theft, the malware includes self-propagation capabilities designed to expand the attack's reach. Using stolen npm or GitHub credentials, it attempts to compromise additional packages and repositories, injecting identical malicious code to create a spreading infection across the development ecosystem.

Security researchers have established a medium-confidence link between this attack and the TeamPCP threat group, based on code similarities and tactical overlaps with previous campaigns targeting Trivy, Checkmarx, and Bitwarden platforms.

While the exact compromise vector remains unclear, Security Engineer Adnan Khan has suggested that an exposed NPM token through a misconfigured CircleCI job may have provided the initial access point for the attackers.

BleepingComputer reached out to SAP for clarification regarding the npm package compromise mechanism but had not received a response at the time of publication. This incident underscores the critical importance of supply-chain security in modern software development and the sophisticated nature of current threats targeting the development ecosystem.