
TeamPCP hits SAP npm packages, exfiltrating dev and CI credentials via GitHub dead-drops

· via BleepingComputer

Original source: "Official SAP npm packages compromised to steal credentials" (BleepingComputer)

Four official SAP npm packages — @cap-js/sqlite, @cap-js/postgres, @cap-js/db-service, and mbt — were trojanized with a preinstall script that downloads the Bun runtime and uses it to execute an obfuscated info-stealer. The payload sweeps developer machines and CI runners for npm and GitHub tokens, SSH keys, AWS/Azure/GCP credentials, Kubernetes configs, and pipeline secrets. On CI runners it reads /proc/<pid>/mem of the Runner.Worker process to lift masked secrets directly out of memory, bypassing log redaction, a technique also seen in the Bitwarden and Checkmarx compromises.
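A triage scanner for this class of install-time stager, added here as an example (not code from the article, SAP, Aikido or Socket): it walks an npm install tree, flags any manifest whose name matches one of the four reported packages, and flags lifecycle scripts that fetch or run the Bun runtime, pipe a download into a shell, or carry a large inline blob of the kind obfuscated payloads use. Only the package names come from the article; the script patterns, the constructed sample manifests and the demo() helper are assumptions for illustration, not a published indicator list, and since this page lists no affected version numbers a name match is only a prompt for manual review.

```python
import json
import os
import re
import tempfile

# Package names reported as trojanized (from the article). A name match alone
# is a triage signal: clean versions of these packages exist, and this page
# lists no affected version numbers, so matches go to manual review.
AFFECTED_PACKAGES = {"@cap-js/sqlite", "@cap-js/postgres", "@cap-js/db-service", "mbt"}

# npm lifecycle hooks that run automatically during install.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Heuristics for the reported stager behaviour (assumed patterns, not a
# published IOC list): referencing the Bun runtime, piping a download into a
# shell, or carrying a long inline blob typical of obfuscated payloads.
SUSPICIOUS_PATTERNS = {
    "bun-runtime": re.compile(r"\bbun\b", re.IGNORECASE),
    "download-to-shell": re.compile(r"\b(curl|wget)\b[^|]*\|\s*(ba)?sh\b"),
    "inline-blob": re.compile(r"[A-Za-z0-9+/=]{200,}"),
}


def inspect_manifest(manifest: dict) -> list[str]:
    """Return a list of findings for one parsed package.json (empty if clean)."""
    findings = []
    name = manifest.get("name", "")
    if name in AFFECTED_PACKAGES:
        findings.append(f"name matches reported package: {name}")
    scripts = manifest.get("scripts") or {}
    for hook in LIFECYCLE_HOOKS:
        command = scripts.get(hook)
        if not command:
            continue
        hits = [label for label, pat in SUSPICIOUS_PATTERNS.items() if pat.search(command)]
        if hits:
            findings.append(f"{hook} script matches {hits}: {command[:80]!r}")
    return findings


def scan_tree(root: str) -> dict[str, list[str]]:
    """Walk every package.json under root (node_modules included) and return
    {path: findings} for manifests with at least one finding. Manifests are
    only parsed; nothing in them is executed."""
    results = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        if "package.json" not in filenames:
            continue
        path = os.path.join(dirpath, "package.json")
        try:
            with open(path, encoding="utf-8") as fh:
                manifest = json.load(fh)
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip rather than abort the scan
        findings = inspect_manifest(manifest)
        if findings:
            results[path] = findings
    return results


# Constructed sample manifests (not real package contents): one mimicking the
# reported pattern, one benign.
TROJANIZED_SAMPLE = {
    "name": "@cap-js/sqlite",
    "version": "0.0.0",
    "scripts": {
        "preinstall": "curl -fsSL https://bun.sh/install | bash && ~/.bun/bin/bun run ./setup.js",
        "test": "node test.js",
    },
}
BENIGN_SAMPLE = {
    "name": "left-pad-like",
    "version": "1.0.0",
    "scripts": {"test": "node test.js", "prepare": "tsc -p ."},
}


def demo() -> dict[str, list[str]]:
    """Write the samples into a temporary node_modules tree, scan it, and
    return findings keyed by path relative to the temporary root."""
    with tempfile.TemporaryDirectory() as tmp:
        for sample in (TROJANIZED_SAMPLE, BENIGN_SAMPLE):
            pkg_dir = os.path.join(tmp, "node_modules", *sample["name"].split("/"))
            os.makedirs(pkg_dir)
            with open(os.path.join(pkg_dir, "package.json"), "w", encoding="utf-8") as fh:
                json.dump(sample, fh)
        results = scan_tree(tmp)
    return {os.path.relpath(path, tmp): findings for path, findings in results.items()}


if __name__ == "__main__":
    for path, findings in demo().items():
        print(path)
        for finding in findings:
            print("  -", finding)
```

Point scan_tree() at a checkout's node_modules or a CI workspace; it reads manifests and never runs their scripts. It will not catch a stager whose malicious logic lives in a required JavaScript file rather than in the script string, or one obfuscated to avoid these tokens, so treat it as a quick sweep to run alongside lockfile diffing and registry advisories, not as proof of a clean tree.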

Stolen data is encrypted and pushed to public GitHub repos under the victim’s account, tagged with a ‘Mini Shai-Hulud’ string that echoes prior TeamPCP campaigns. The malware also scans GitHub commits for a magic prefix used as a token dead-drop, and self-propagates by reusing harvested credentials to inject the same code into any other npm packages or repos the victim controls.

Researchers at Aikido and Socket attribute the operation to TeamPCP with medium confidence, citing structural overlap with the Trivy, Checkmarx, and Bitwarden supply-chain compromises. How SAP's publishing pipeline was compromised is unconfirmed, but a security engineer suggests an npm token may have leaked through a misconfigured CircleCI job, the same class of CI hygiene failure that keeps fueling this campaign.


This is an AI-generated summary. Read the original for the full story.