SAP npm Packages Compromised in Suspected TeamPCP Supply-Chain Attack Security researchers have uncovered a supply-chain attack targeting multiple official SAP npm packages, believed to be orchestrated by the TeamPCP threat group. The compromise affected four packages @cap-js/sqlite (v2.2.2), @cap-js/postgres (v2.2.2), @cap-js/db-service (v2.10.1), and mbt (v1.2.48) which support SAP’s Cloud Application Programming Model (CAP) and Cloud MTA, widely used in enterprise development. The malicious packages contained a preinstall script that executed automatically upon installation, deploying a loader (setup.mjs) to fetch the Bun JavaScript runtime from GitHub. This runtime then ran an obfuscated execution.js payload, designed to steal sensitive credentials from developer systems and CI/CD environments, including: - npm and GitHub authentication tokens - SSH keys and developer credentials - Cloud credentials (AWS, Azure, Google Cloud) - Kubernetes configurations and secrets - CI/CD pipeline secrets and environment variables On CI runners, the malware used an embedded Python script to scan process memory (/proc/\<pid\>/maps and /proc/\<pid\>/mem) for secrets, bypassing log masking a tactic identical to previous TeamPCP attacks, such as those targeting Bitwarden and Checkmarx. Stolen data was encrypted and exfiltrated to public GitHub repositories under victims’ accounts, marked with the description "A Mini Shai-Hulud has Appeared" a reference mirroring the "Shai-Hulud: The Third Coming" string from earlier attacks. The malware also employed GitHub commit searches as a dead-drop mechanism, decoding commit messages containing base64-encoded tokens to escalate access. Additionally, the payload included self-propagation capabilities, using stolen credentials to modify other accessible packages and repositories, further spreading the infection. Researchers have linked the attack to TeamPCP with medium confidence, citing similarities in code and tactics to prior incidents involving Trivy, Checkmarx, and Bitwarden. While the exact compromise vector remains unclear, evidence suggests an exposed NPM token from a misconfigured CircleCI job may have been exploited. SAP has not yet responded to inquiries regarding the breach. The affected package versions have since been deprecated on npm.