Security researchers have identified a new supply chain attack that has infiltrated four SAP NPM packages with malicious code. This campaign, named Mini Shai-Hulud, specifically targets packages associated with the SAP Cloud Application Programming (CAP) ecosystem and related deployment workflows. On April 29, four versions of these packages were flagged as malicious. The affected packages include npm mbt 1.2.48, npm @cap-js/db-service 2.10.1, npm @cap-js/postgres 2.2.2, and npm @cap-js/sqlite 2.2.2, which collectively receive over 500,000 downloads per week. The attackers injected a preinstall script into these packages that, when executed, downloads and runs a malicious binary from a GitHub repository.
The malicious code acts as an information stealer, targeting local credentials, GitHub and NPM tokens, and secrets from AWS, Azure, GCP, and other cloud services. The stolen data is exfiltrated to public GitHub repositories with a characteristic description signaling the attack. An additional propagation mechanism was included to modify package tarballs using compromised GitHub Actions tokens. Onapsis has confirmed that the malicious packages were available for only a short window of 2 to 4 hours, after which they were removed and replaced with clean versions.
The attack highlights a significant risk for developers and organizations using SAP CAP, as they may inadvertently integrate these compromised packages into their build pipelines. It is believed that a compromised NPM token exposed during CircleCI builds facilitated the attack. The cybersecurity firm Wiz attributes this incident to the TeamPCP hacking group, citing shared encryption keys as evidence. Organizations using SAP Business Technology Platform workflows or MTA-based deployment pipelines are advised to review their dependencies and verify if any malicious versions were installed during the exposure period.


