The keys to all the caches changed owners unnoticed.

The attackers have again hit the npm supply chain, but this time they chose a narrow and dangerous target: the packages used by developers in the SAP ecosystem. The "Mini Shai-Hulud" malware campaign looks small in the number of affected components, but it can give access to tokens, cloud secrets and the working environments of companies.
According to Aikido, the packages at risk were @cap-js/db-service versions 2.2.2.1 and 2.2.2, @cap-js/postgres version 2.2.2, @cap-js/db-service version 2.10.1 and mbt version 1.2.48. A preinstall script was added to the packages, which automatically ran the setup.mjs file when they were installed via npm. The main code still looked legitimate, and the malicious logic was hidden in two new files: setup.mjs and execution.js.
The first file downloaded the Bun 1.3.13 JavaScript runtime from GitHub and used it to launch the second stage of the attack. The execution.js file was a large obfuscated module of 11.7 MB that stole credentials from workstations and CI/CD servers. Among the targets were GitHub and npm tokens, environment variables, GitHub Actions secrets, AWS, Azure, GCP and Kubernetes, as well as Claude, MCP, Signal, Electrum and VPN configurations.
Particularly dangerous is the way it handles GitHub Actions. The malware included a Python component that looked for the Runner.Worker process, read its memory and tried to extract hidden secrets from its internal structures.
The authors of the report consider the most likely entry point to be the leak of an npm token through a pull request build in CircleCI. On April 29, a short-lived draft PR with changes to the CI configuration appeared in the SAP/cloud-mta-build-tool repository. Although the branch was later overwritten, the CircleCI logs kept traces of the Bun bootloader, the obfuscated payload and the launch of the test command, next to which the project's masked secrets appeared, including npm and GitHub tokens.
For exfiltration, the malware used public GitHub repositories. The new repositories received themed names related to the "Dune" universe and an identical description, "A Mini Shai-Hulud has Appeared", and the encrypted results were stored in results/results-.json files. For distribution, commit messages with the marker "OhNoWhatsGoingOnWithGitHub" were used, from which encoded GitHub tokens were extracted.
The authors of the report warn that after installing the affected versions, rotating npm tokens alone is not enough. GitHub, cloud service, Kubernetes and CI/CD secrets as well as local development tools must be treated as compromised. It is also worth checking lockfiles, package caches, CI logs, internal registries and workstations for the presence of setup.mjs, execution.js, Bun 1.3.13 downloads and suspicious .claude or .vscode directories.
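The sweep the report recommends, as an added example that is not part of the original article or of the Aikido report: it walks a checkout, node_modules tree or unpacked npm cache, flags the affected package versions named above in package.json and package-lock.json, flags a preinstall hook that runs setup.mjs, and flags files named setup.mjs or execution.js. The version table is copied from the article; the sample manifest at the bottom is constructed.

```python
import json
import os
from pathlib import Path

# Affected package versions exactly as listed in the article (from the Aikido report).
AFFECTED = {
    "@cap-js/db-service": {"2.2.2.1", "2.2.2", "2.10.1"},
    "@cap-js/postgres": {"2.2.2"},
    "mbt": {"1.2.48"},
}
# File names the report names as on-disk indicators.
SUSPICIOUS_FILES = {"setup.mjs", "execution.js"}

def check_manifest(manifest: dict) -> list[str]:
    """Return findings for one parsed package.json dict."""
    findings = []
    name, version = manifest.get("name"), manifest.get("version")
    if name in AFFECTED and version in AFFECTED[name]:
        findings.append(f"affected version {name}@{version}")
    preinstall = manifest.get("scripts", {}).get("preinstall", "")
    if "setup.mjs" in preinstall:  # the hook that launched the first stage
        findings.append(f"preinstall runs setup.mjs: {preinstall!r}")
    return findings

def check_lockfile(lock: dict) -> list[str]:
    """Return affected entries from a parsed package-lock.json (lockfile v2/v3)."""
    findings = []
    for path, entry in lock.get("packages", {}).items():
        name = path.rsplit("node_modules/", 1)[-1] if path else None
        if name in AFFECTED and entry.get("version") in AFFECTED[name]:
            findings.append(f"{name}@{entry['version']} in lockfile")
    return findings

def scan_tree(root: str) -> dict[str, list[str]]:
    """Walk root and collect findings keyed by file path; unreadable files are skipped."""
    checkers = {"package.json": check_manifest, "package-lock.json": check_lockfile}
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = Path(dirpath, fname)
            findings = []
            if fname in checkers:
                try:
                    findings = checkers[fname](json.loads(path.read_text()))
                except (ValueError, OSError):
                    continue
            elif fname in SUSPICIOUS_FILES:
                findings = [f"file name matches reported indicator: {fname}"]
            if findings:
                results[str(path)] = findings
    return results

if __name__ == "__main__":
    # Constructed sample manifest mirroring the reported preinstall hook (not a real package).
    print(check_manifest({"name": "mbt", "version": "1.2.48", "scripts": {"preinstall": "node setup.mjs"}}))
```

The script covers files only; the .claude and .vscode directories mentioned above still need a separate look.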