Software supply chain attacks keep evolving, and the latest campaign discovered by Wiz shows just how dangerous open-source dependency compromise can be.
Researchers recently uncovered a malicious campaign dubbed "Mini Shai-Hulud" that targeted developers using SAP-related npm packages. The attack weaponized trusted packages by injecting malicious code that silently executed during installation, stealing credentials and attempting to spread further into developer environments.
This incident is another reminder that modern attacks are no longer focused solely on production systems. Increasingly, attackers are targeting developers directly.
What Happened?
According to Wiz researchers, several legitimate SAP-related npm packages were compromised after malicious versions were uploaded to the npm registry.
Affected packages included:
@cap-js/sqliteversion 2.2.2@cap-js/postgresversion 2.2.2@cap-js/db-serviceversion 2.10.1mbtversion 1.2.48
These packages are commonly used in SAP development workflows, which made them attractive targets. Developers installing these versions unknowingly executed malicious code during the installation process.
How the Attack Worked
The malicious packages leveraged npm's preinstall hook, which allows scripts to run automatically before package installation completes.
Downloaded Additional Tools
It installed Bun, a JavaScript runtime, to help execute additional malicious scripts.
Executed Obfuscated Payloads
The malware used heavily obfuscated code to hide its true behavior from developers and security tools.
Stole Sensitive Credentials
The payload searched for and exfiltrated GitHub credentials, npm credentials, cloud provider secrets, Kubernetes configuration files, CI/CD secrets, and browser-stored passwords.
GitHub as an Exfiltration Channel
One of the more interesting aspects of this campaign was its use of GitHub as an exfiltration platform.
Instead of sending stolen credentials to suspicious command-and-control servers, the malware created attacker-controlled GitHub repositories, uploaded stolen data, and used encrypted payload delivery.
This approach helps attackers blend into normal developer traffic, making detection significantly harder.
Self-Propagation Features
Mini Shai-Hulud wasn't designed solely for theft. It also attempted to spread itself by modifying repositories, poisoning package distributions, and adding malicious files to development environments.
Researchers noted suspicious files being dropped into .vscode and .claude directories.
This is especially concerning because it suggests attackers are beginning to target AI-assisted coding environments. As IDE extensions and AI coding tools become more integrated into development workflows, attackers are adapting to find footholds there too.
Anti-Analysis Behavior
The malware reportedly checked system language settings and terminated itself on Russian-language systems.
This behavior is commonly seen in malware developed by threat actors attempting to avoid law enforcement attention in certain regions.
Why This Attack Matters
Open-source trust is fragile. Developers often trust package registries without verifying package integrity, and attackers know it.
Developer environments are now prime targets. Stealing credentials from developers often provides easier access than attacking hardened production systems.
Supply chain attacks scale rapidly. A single compromised dependency can impact thousands of downstream organizations simultaneously.
Attackers are adapting to AI tooling. Targeting .claude and .vscode directories suggests attackers are paying attention to how developers increasingly rely on AI-assisted development environments.
How Organizations Can Protect Themselves
Audit dependencies immediately
Search your environments for the affected package versions listed above and remove them.
Rotate credentials
If these packages were installed, rotate GitHub tokens, npm credentials, cloud provider credentials, Kubernetes secrets, and any CI/CD pipeline credentials that may have been accessible.
Improve dependency security
Use dependency pinning, package verification, Software Bills of Materials (SBOMs), private registries, and dependency scanning tools. Platforms like GitHub Dependabot, Snyk, and Wiz can help detect suspicious packages before they reach developer machines.
Monitor developer endpoints
Security teams should monitor for unexpected package installation behavior, unauthorized GitHub repository creation, secret exfiltration attempts, and suspicious CLI tool downloads.
Sources: - Wiz: Mini Shai-Hulud — Supply Chain Attack Targeting SAP npm Packages