1 hour ago
626
Four npm packages that were connected to SAPβs Cloud Application Programming Model were stolen. The hackers added code that steals crypto wallets, cloud credentials, and SSH keys from developers.
According to a report from Socket, the affected package versions include:
- mbt@1.2.48.
- @cap-js/db-service@2.10.1.
- @cap-js/postgres@2.2.2.
- @cap-js/sqlite@2.2.2.
These packages together get about 572,000 downloads a week from the SAP developer community.
npm packages steal cloud credentials and crypto wallets
Security researchers explained that the hacked packages pre-install a script that downloads and runs a Bun runtime binary from GitHub. It then runs an obfuscated 11.7MB JavaScript payload.
The original SAP source files are still there, but there are three additional new files:
- a modified package.json.
- setup.mjs.
- execution.js.
These files were timestamped hours after the real code. This shows that the tarballs were changed after being downloaded from a real source.
Socket called it βa strong signal of a coordinated, automated injection campaignβ that the loader script is byte-identical in all four packages, even though they are in two different namespaces.
When the payload runs, it checks if the system is set to Russian and stops if it is. It then branches depending on whether it finds a CI/CD environment, by checking 25 platform variables, such as GitHub Actions, CircleCI, and Jenkins, or a developer workstation.
On developer computers, the malware reads more than 80 different types of credential files. These include SSH private keys, AWS and Azure credentials, Kubernetes configs, npm and Docker tokens, environment files, and crypto wallets on eleven different platforms. It also goes after configuration files for AI tools like Claude and Kiro MCP settings.
The payload has two layers of encryption. A function called `__decodeScrambled()` uses PBKDF2 with 200,000 SHA-256 iterations and a salt called βctf-scramble-v2β to get the keys needed to decrypt something.
SAP payloads use GitHub as the primary channel. Source: Socket.The function name, algorithm, salt, and iteration count are the same as those in previous Checkmarx and Bitwarden payloads. This suggests that the same tools are being used in multiple campaigns.
Socket is keeping an eye on the activity under the name βTeamPCPβ and has made a separate tracking page for what it calls the βmini-shai-huludβ campaign.
Hackers target crypto developers persistently
The SAP package compromise is the most recent in a series of supply chain attacks that use package managers to steal digital asset credentials.
As Cryptopolitan reported at the time, researchers found five typosquatted npm packages in March 2026 that stole private keys from Solana and Ethereum developers and sent them to a Telegram bot.
ReversingLabs found a campaign called PromptMink a month later. In this campaign, a malicious package called @validate-sdk/v2 was added to an open-source crypto trading project through an AI-generated commit.
Cryptopolitanβs coverage of the ReversingLabs findings says that the attack, which was linked to the North Korean state-sponsored group Famous Chollima, specifically went after crypto wallet credentials and system secrets.
The SAP attack is different in size and direction. Instead of making fake packages with names that are similar to real ones, the attackers got into real, widely used packages that were kept under SAPβs namespace.
Security researchers recommend that teams that use SAP CAP or MTA-based deployment pipelines check their lockfiles right away for the affected versions.
Developers who installed these packages during the exposure window should change any credentials and tokens that may have been available in their build environments and check CI/CD logs for any unexpected network requests or binary execution.
According to researchers, at least one affected version, @cap-js/sqlite@2.2.2, seems to have already been unpublished from npm.
If you want a calmer entry point into DeFi crypto without the usual hype, start with this free video.
English (US)