Hackers Exploit Bitwarden CLI Vulnerability for Malicious Activity
A Sophisticated Attack Campaign Exploiting Trusted Developer Tools
Researchers at GitGuardian have uncovered a sophisticated attack campaign, carried out by a group known as TeamPCP, that exploited trusted developer tools to compromise Bitwarden, a widely used password manager.
The Attackers’ Methodology
The attackers pivoted across campaigns, reusing a self-propagating worm known as Shai-Hulud, to exploit trusted developer tools. They hijacked the Bitwarden CLI, the command-line interface that lets developers interact with their vault directly from a terminal; it is often used in scripts, automation, and CI pipelines to retrieve secrets.
The Impact of the Attack
The malware scanned the system for six tools (Claude Code, Gemini CLI, Codex CLI, Kiro CLI, Aider, and OpenCode) and injected a 3,500-byte heredoc block into the ~/.bashrc and ~/.zshrc files. Because those files are sourced every time an interactive shell starts, the malicious code ran automatically each time a developer opened a terminal.
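The persistence mechanism above is detectable because it leaves a large heredoc in a file that is otherwise mostly short aliases and exports. The following scanner is an added example, not code from GitGuardian or from the article: it extracts every heredoc body from rc-file text, measures it, and counts how many of the six tool names it mentions. The lowercase name fragments in TOOL_MARKERS, the size and hit thresholds, and the sample rc content are all constructed assumptions for this example (the sample's second heredoc is a harmless stand-in that only names the tools; it is not the implant).

```python
import re
from dataclasses import dataclass
from pathlib import Path
from typing import List, Tuple

# Assumed (not from the article): lowercase name fragments for the six tools the
# article says the malware probes for; tune to the binaries you actually deploy.
TOOL_MARKERS = ("claude", "gemini", "codex", "kiro", "aider", "opencode")
# Assumed tuning values: an rc-file heredoc this large, or one that names this
# many of the tools, deserves a human look.
SIZE_THRESHOLD_BYTES = 1024
TOOL_HIT_THRESHOLD = 3

# Heredoc opener: <<EOF, <<-EOF, <<'EOF' or <<"EOF".  The lookarounds exclude
# here-strings (<<<) and the delimiter must not start with a digit, so 1<<3 is ignored.
HEREDOC_OPEN = re.compile(r"(?<!<)<<-?(?!<)\s*(['\"]?)([A-Za-z_]\w*)\1")


@dataclass
class HeredocFinding:
    start_line: int                  # 1-based line of the opener
    delimiter: str
    size_bytes: int                  # UTF-8 size of the body
    tools_referenced: Tuple[str, ...]
    suspicious: bool


def extract_heredocs(text: str) -> List[HeredocFinding]:
    """Walk rc-file text, collect every heredoc body, and score it."""
    lines = text.splitlines()
    findings: List[HeredocFinding] = []
    i = 0
    while i < len(lines):
        match = HEREDOC_OPEN.search(lines[i])
        if match is None:
            i += 1
            continue
        delimiter = match.group(2)
        start = i
        body: List[str] = []
        i += 1
        # The body runs until the delimiter stands alone on a line
        # (strip() also tolerates the tab-indented closer allowed by <<-).
        while i < len(lines) and lines[i].strip() != delimiter:
            body.append(lines[i])
            i += 1
        i += 1  # skip the closing delimiter line
        body_text = "\n".join(body)
        lowered = body_text.lower()
        hits = tuple(t for t in TOOL_MARKERS if t in lowered)
        size = len(body_text.encode("utf-8"))
        findings.append(HeredocFinding(
            start_line=start + 1,
            delimiter=delimiter,
            size_bytes=size,
            tools_referenced=hits,
            suspicious=size >= SIZE_THRESHOLD_BYTES or len(hits) >= TOOL_HIT_THRESHOLD,
        ))
    return findings


def scan_rc_file(path: Path) -> List[HeredocFinding]:
    """Scan one shell rc file on disk; a missing file simply yields no findings."""
    if not path.is_file():
        return []
    return extract_heredocs(path.read_text(errors="replace"))


# Constructed sample rc content (not a real implant): one benign heredoc and one
# harmless stand-in that merely names the tools the malware looks for.
SAMPLE_BASHRC = """\
export PATH="$HOME/bin:$PATH"
cat <<'BANNER'
Welcome back
BANNER
cat <<'EOF' >/dev/null
for t in claude gemini codex kiro aider opencode; do
  command -v "$t" >/dev/null && echo "$t present"
done
EOF
alias ll='ls -l'
"""


if __name__ == "__main__":
    for path in (Path.home() / ".bashrc", Path.home() / ".zshrc"):
        for f in scan_rc_file(path):
            flag = "SUSPICIOUS" if f.suspicious else "ok"
            print(f"{path}:{f.start_line} <<{f.delimiter} {f.size_bytes}B tools={f.tools_referenced} {flag}")
    for f in extract_heredocs(SAMPLE_BASHRC):
        print(f"sample:{f.start_line} <<{f.delimiter} suspicious={f.suspicious}")
```

Run it directly to scan the current user's ~/.bashrc and ~/.zshrc; in a fleet, pair it with a baseline of each file's expected hash so any heredoc that appears after the baseline is reviewed regardless of size. The heuristic is deliberately simple and will flag legitimate large heredocs (for example, a long prompt configuration), so treat hits as triage input rather than as verdicts.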
The Role of Dependabot
The attackers also used Dependabot, a trusted automation bot built into GitHub, to fetch a trojanized Checkmarx KICS Docker image on April 22, 2026. Dependabot pulled the trojanized checkmarx/kics:latest tag during an automated dependency update, executing the payload in CI with access to repository secrets.
The Importance of Regular Updates and Monitoring
This campaign highlights the importance of regularly updating dependencies, but also of treating automation that is meant to improve security with caution: the attackers stole repository secrets without any human intervention because of the elevated CI permissions granted to Dependabot.
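Both the Dependabot pull of checkmarx/kics:latest and the elevated CI permissions come down to two workflow settings a reviewer can check mechanically: whether every container image is pinned by digest rather than by a mutable tag, and whether the workflow declares a least-privilege permissions block. The audit below is an added example, not code from GitGuardian, GitHub, or the article. It is line-based on purpose so no YAML parser is needed; the workflow snippets, the example.test image names, and the all-zero and all-one digests are constructed placeholders, while checkmarx/kics:latest is the tag named in the article.

```python
import re
import sys
from pathlib import Path
from typing import List, Tuple

# Lines that name a container image: a container:/services: image: entry, a
# docker:// step in GitHub Actions, or a Dockerfile FROM line.
CONTAINER_IMAGE = re.compile(r"^\s*(?:-\s*)?image:\s*['\"]?([^\s'\"#]+)")
DOCKER_USES = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?docker://([^\s'\"#]+)")
DOCKERFILE_FROM = re.compile(r"^\s*FROM\s+(?:--platform=\S+\s+)?(\S+)", re.I)
DIGEST_SUFFIX = re.compile(r"@sha256:[0-9a-f]{64}$")


def classify_image_ref(ref: str) -> str:
    """'digest' (immutable), 'tag', 'latest', or 'untagged' (which implies :latest)."""
    if DIGEST_SUFFIX.search(ref):
        return "digest"
    last = ref.rsplit("/", 1)[-1]   # drop registry host (may carry :port) and namespace
    if ":" not in last:
        return "untagged"
    tag = last.split(":", 1)[1]
    return "latest" if tag == "latest" else "tag"


def find_image_refs(text: str) -> List[str]:
    refs: List[str] = []
    for line in text.splitlines():
        for pattern in (CONTAINER_IMAGE, DOCKER_USES, DOCKERFILE_FROM):
            m = pattern.match(line)
            if m:
                refs.append(m.group(1))
                break
    return refs


def audit_images(text: str) -> List[Tuple[str, str, bool]]:
    """(ref, classification, pinned) per image reference; only a digest counts as pinned."""
    return [(ref, kind, kind == "digest")
            for ref in find_image_refs(text)
            for kind in (classify_image_ref(ref),)]


def has_workflow_permissions(text: str) -> bool:
    """True when the workflow declares a top-level permissions: block for its token."""
    return re.search(r"^permissions:", text, re.M) is not None


# Constructed weak workflow: mutable tag, no permissions block.  The digest on the
# linter step is a placeholder (64 zeros), not a real image digest.
WEAK_WORKFLOW = """\
name: iac-scan
on: [pull_request]
jobs:
  kics:
    runs-on: ubuntu-latest
    container:
      image: checkmarx/kics:latest
    steps:
      - uses: actions/checkout@v4
      - uses: docker://example.test/tools/linter@sha256:0000000000000000000000000000000000000000000000000000000000000000
      - uses: docker://example.test/tools/formatter:1.4.2
"""

# Constructed hardened form: digest-pinned image (placeholder digest of 64 ones)
# and a read-only token, so a CI run cannot write to the repository.
HARDENED_WORKFLOW = """\
name: iac-scan
on: [pull_request]
permissions:
  contents: read
jobs:
  kics:
    runs-on: ubuntu-latest
    container:
      image: checkmarx/kics@sha256:1111111111111111111111111111111111111111111111111111111111111111
"""


if __name__ == "__main__":
    # Usage: python audit.py .github/workflows/*.yml Dockerfile
    for name in sys.argv[1:] or ["<weak sample>", "<hardened sample>"]:
        text = {"<weak sample>": WEAK_WORKFLOW, "<hardened sample>": HARDENED_WORKFLOW}.get(name)
        if text is None:
            text = Path(name).read_text()
        print(f"{name}: permissions block={'yes' if has_workflow_permissions(text) else 'NO'}")
        for ref, kind, pinned in audit_images(text):
            print(f"  {'ok ' if pinned else 'FIX'} {kind:<8} {ref}")
```

A digest pin moves the decision about what runs in CI from the registry to the repository: a dependency update that bumps the pin still arrives as a reviewable diff, whereas a mutable tag such as :latest can change underneath an existing workflow with no diff at all. The permissions check is coarse (it only asks whether a top-level block exists); extend it to inspect the individual scopes if your policy requires that.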
Conclusion
The attack resulted in significant financial losses and the compromise of sensitive data. Law enforcement agencies have opened investigations into the matter, and the affected parties are working to mitigate the damage.
