Official SAP npm Packages Compromised in Attack to Steal Cloud and Developer Credentials

Security researchers in late April 2026 uncovered a sophisticated supply-chain attack that compromised several official software packages from enterprise technology giant SAP. The malicious code, injected into widely used packages on the npm JavaScript registry, was designed to steal a vast range of developer credentials, authentication tokens, and sensitive cloud infrastructure secrets from corporate systems. The compromised packages include versions of `@cap-js/sqlite`, `@cap-js/postgres`, `@cap-js/db-service`, and `mbt`. These tools support SAP's Cloud Application Programming Model (CAP) and Cloud MTA, which are integral to building and deploying applications within SAP's enterprise cloud ecosystem. Any development workstation or automated build server that installed the affected versions is now considered compromised, according to security firm Redrays. The attack, dubbed “mini Shai-Hulud,” was executed by adding a malicious `preinstall` script to the packages. This type of script runs automatically whenever a developer or a build system runs the standard `npm install` command. According to reports from security outlets Aikido, Socket, and BleepingComputer, this script initiated a multi-stage process, starting with the download of the Bun JavaScript runtime from GitHub. This runtime was then used to execute a heavily obfuscated payload. This payload functioned as a comprehensive information-stealer, harvesting a wide array of sensitive data. It targeted local developer credentials, authentication tokens for both GitHub and the npm registry, and secrets used in GitHub Actions, the popular automation platform. Critically, it also sought out cloud credentials for major providers including Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), as well as secrets for Kubernetes environments. The malware went a step further by extracting saved passwords from web browsers such as Chrome, Safari, Edge, and Brave. The stolen data was encrypted using AES-256-GCM, with the symmetric key itself being encrypted with a powerful RSA-4096 public key. This two-layer encryption ensures that only the attackers, who hold the corresponding private key, can decrypt and access the stolen corporate secrets. Beyond simple theft, the malware was engineered to self-propagate. Upon successfully stealing GitHub or npm tokens, the malicious code would attempt to use those credentials to access and modify other software packages and repositories. This allowed it to inject the same malicious code elsewhere, spreading the infection throughout a company's software supply chain. Researchers observed over 1,100 public GitHub repositories that appeared to be receiving exfiltrated, encrypted data from compromised systems. Security analysts have linked this campaign with medium confidence to a threat actor known as TeamPCP. This attribution is based on similarities in code and tactics to previous supply-chain attacks that targeted other developer-focused tools from companies like Trivy, Checkmarx, and Bitwarden. The investigation into the root cause revealed a critical failure in security processes. According to Redrays, the attackers gained initial access by compromising the GitHub account of a package maintainer. They then exploited a permissive configuration in npm's OpenID Connect (OIDC) trusted publisher service. This service is designed to allow automated systems to publish packages securely, but in this case, it was configured to trust any workflow from the legitimate SAP repository, not just the designated, official release workflow on the main branch. This oversight allowed the attacker to use their own malicious workflow to publish the poisoned packages. For at least one package, `mbt`, it is suspected that a stolen static npm token from a service account was used instead. For small and mid-sized businesses, the operational and financial implications of such a breach are severe. A compromise of cloud credentials can lead to unauthorized access to sensitive company data, customer information, and core infrastructure. This can result in catastrophic data breaches, regulatory fines, and complete operational shutdowns. The theft of developer credentials and source code repositories could also expose valuable intellectual property and trade secrets, undermining a company's competitive advantage. In our experience, the financial fallout from such operational security failures is often underestimated by business leaders who view cybersecurity as a purely technical problem. The reality is that a company's software supply chain is now a critical component of its overall risk profile. A single compromised developer account or a misconfigured build process can expose the entire organization to devastating financial losses, reputational damage, and legal liability. This incident serves as a stark reminder that security cannot be an afterthought; it must be deeply integrated into every business process, from software development to financial oversight. Treating these threats seriously requires a holistic approach that connects technical controls with clear financial governance. Proactively identifying and mitigating these vulnerabilities is a key component of the financial risk management strategies we design for clients. To understand how to better protect your company's assets from the cascading impact of supply-chain attacks, business leaders can consult with C&S Finance Group LLC at csfinancegroup.com for a comprehensive assessment. As of this report, SAP has not issued a public statement detailing the breach or its response. The incident is expected to trigger wider scrutiny across the software development industry, particularly regarding the security configurations of CI/CD pipelines and the use of trusted publisher mechanisms. Companies that rely on open-source registries and automated build tools will likely face increased pressure to audit their dependencies and harden their development workflows against similar account takeover and process exploitation attacks.