Bitwarden NPM Package Compromised in Recent Supply Chain Cyberattack


Supply Chain Attack Compromises Bitwarden CLI Package, Exfiltrates Credentials and Secrets

A critical vulnerability was discovered in the Bitwarden Command-Line Interface (CLI) package on npm. Bitwarden is a popular open-source password management platform.

  • The vulnerability allowed attackers to exfiltrate sensitive information, including credentials and secrets, from victim machines.
  • The compromised package, version 2026.4.0, was specifically designed to target users who installed the package, allowing the attackers to fetch a JavaScript payload that stole credentials and secrets from victims’ machines.

According to JFrog, “the most notable aspect of this package is that it combines a supply chain compromise of a legitimate CLI identity with a broad post-install secret theft framework.” Instead of stopping at .npmrc or a single PAT, the malware systematically pivots across local credentials, CI secrets, GitHub repositories, and multiple cloud secret stores.
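Because the theft described above runs from an npm install-time hook, a defender's first question is whether a project pulled in the compromised version and which dependencies declare lifecycle scripts at all. The following triage script is an added example (not code from the article, Bitwarden, JFrog or Socket); it assumes the npm package name `@bitwarden/cli`, the lockfileVersion 2/3 `packages` layout and its `hasInstallScript` flag, and uses a constructed sample lockfile.

```javascript
// Added example: triage a package-lock.json for (a) known-compromised
// package versions and (b) dependencies that declare npm lifecycle scripts
// (preinstall/install/postinstall), the hook a post-install stealer needs.
// Assumptions: package name "@bitwarden/cli"; lockfileVersion 2/3 layout.

const KNOWN_BAD = new Map([
  ["@bitwarden/cli", new Set(["2026.4.0"])], // version named in the article
]);

// lockfileVersion 2/3 lists each installed package under "packages", keyed by
// its node_modules path; "" is the root project. npm sets hasInstallScript
// on entries whose package.json declares an install-time lifecycle script.
function triageLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // the root project itself is not a dependency
    const marker = "node_modules/";
    const name = meta.name || path.slice(path.lastIndexOf(marker) + marker.length);
    const bad = KNOWN_BAD.get(name);
    if (bad && bad.has(meta.version)) {
      findings.push({ path, name, version: meta.version, reason: "known-compromised version" });
    }
    if (meta.hasInstallScript) {
      findings.push({ path, name, version: meta.version, reason: "declares install lifecycle script" });
    }
  }
  return findings;
}

// Constructed sample lockfile (not a real project): one compromised dependency
// with an install script, one benign dependency without.
const SAMPLE_LOCK = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0", dependencies: { "@bitwarden/cli": "2026.4.0" } },
    "node_modules/@bitwarden/cli": { version: "2026.4.0", hasInstallScript: true },
    "node_modules/left-pad": { version: "1.3.0" },
  },
};

// Usage: in a real project, replace SAMPLE_LOCK with
// JSON.parse(require("fs").readFileSync("package-lock.json", "utf8")).
for (const f of triageLockfile(SAMPLE_LOCK)) {
  console.log(`${f.reason}: ${f.name}@${f.version} (${f.path})`);
}
```

Installing with `npm ci --ignore-scripts` (or `ignore-scripts=true` in `.npmrc`) prevents such a hook from running in the first place, at the cost of breaking packages that legitimately need a build step.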

The attack is linked to a recent supply chain attack on Checkmarx, which compromised the company’s public DockerHub KICS image, public ast-github-action, VS Code extension, and Developer Assist extension. The malware used in the attack was designed to harvest credentials and exfiltrate them to the checkmarx.cx domain or to repositories created under the victim’s GitHub account, a pattern used in the Bitwarden supply chain attack as well.

Socket’s analysis of the two incidents revealed the use of the same embedded payload structure, credential harvesting method, propagation technique, and Russian locale kill switch. The shared tooling suggested a connection to the same malware ecosystem, but operational signatures differed in ways that complicated attribution.

The attackers claimed responsibility for the Checkmarx incident on social media, but the Bitwarden payload contained the “Shai-Hulud: The Third Coming” string, suggesting that the incident represented the latest phase of the previous campaign. Terms such as atreides, fremen, sandworm, and sardaukar were also found in the code, pointing to a possible overlap with the Shai-Hulud campaigns.

User data is being publicly exfiltrated to GitHub, often going undetected because security tools typically don’t flag data being sent there. This makes the risk significantly more dangerous: anyone searching GitHub can potentially find and access those credentials. Sensitive data is no longer in the hands of a single threat actor; it’s exposed to anyone.

To mitigate this threat, users should take immediate action to rotate secrets and credentials if they were affected. The situation highlights the importance of robust security measures, including regular updates, secure practices, and vigilant monitoring to prevent similar attacks in the future.
