The never-ending supply chain attacks worm into SAP npm packages, other dev tools
The wave of supply chain attacks aimed at security and developer tools has washed up more victims, namely SAP and Intercom npm packages, plus the lightning PyPI package.
The newly compromised packages as of Thursday include intercom-client@7.0.5 (according to Google-owned Wiz) and intercom-client@7.0.4 (says supply-chain security firm Socket) and lightning@2.6.2 and 2.6.3.
Attackers infected all versions with the same credential-stealing malware that, on Wednesday, poisoned multiple npm packages associated with SAP's JavaScript and cloud application development ecosystem. The SAP-related compromise is a Shai-Hulud-worm style campaign that calls itself Mini Shai-Hulud.
So far, these SAP-related npm packages include:
mbt@1.2.48
@cap-js/db-service@2.10.1
@cap-js/postgres@2.2.2
@cap-js/sqlite@2.2.2
Collectively, these four packages receive about 572,000 weekly downloads and are widely used by developers building cloud applications.
SAP did not answer The Register's questions about the compromise and instead sent us this statement: "A security note is published and available for SAP customers and partners." The note is only accessible to logged-in customers.
These latest offensives are called "Mini Shai-Hulud worm” attacks because of similarities to the earlier self-propagating Shai-Hulud malware that targeted npm packages.
Both Wiz and Socket attributed the SAP compromise to TeamPCP – the cybercrime crew linked to the earlier Checkmarx, Bitwarden, Telnyx, LiteLLM, and Aqua Security Trivy infections.
The two security shops also note that the Thursday attacks on the Intercom and lightning packages appear to contain the same malicious code seen in the SAP operation.
Here's what has happened in the world of supply-chain attacks over the past 48 hours.
SAP-related npm packages
On April 29, TeamPCP compromised four official npm packages from the SAP JavaScript and cloud application development ecosystem and published the poisoned releases between 09:55 and 12:14 UTC.
The compromised packages contain malicious preinstall scripts set to execute automatically on every npm install, and run attacker-controlled code before any application code runs.
This new campaign deploys a multi-stage payload that steals developer secrets, self-propagates, encrypts all the stolen goods, and then exfiltrates the now-locked secrets into a new GitHub repository under the victim's own account.
"The second-stage payload is a credential stealer and propagation framework designed to target both developer environments and CI/CD pipelines," the Wiz kids said on Thursday. "It collects sensitive data including GitHub tokens, npm credentials, cloud secrets (AWS, Azure, GCP), Kubernetes tokens, and GitHub Actions secrets – leveraging advanced techniques such as extracting secrets from runner memory. Exfiltration occurs via public GitHub repositories, where it posts encrypted payloads. Additionally, the malware includes propagation logic to infect additional repositories and package distributions."
Plus PyPI package lightning
Then on Thursday, an additional package was poisoned to execute credential-stealing malware on import. Up first: PyPI package Lightning versions 2.6.2 and 2.6.3.
Lightning is a widely used deep learning framework for training and deploying AI products. Developers download it hundreds of thousands of times every day.
"The obfuscated JavaScript payload contains many similarities to the Shai-Hulud attacks, overlapping in targeted tokens, credentials and obfuscation methods. Socket also identified signs that router_runtime.js both poisons GitHub repositories and infects developer npm packages," according to Socket, which also published a separate Mini Shai-Hulud supply-chain campaign page that it updates as new information comes to light.
And Intercom's npm package
Also on Thursday: Socket and Wiz sounded the alarm on a new compromise of the intercom-client npm package. Intercom is a customer communications platform, and intercom-client is a widely used official SDK for Intercom's API. It sees about 360,000 weekly downloads, and npm lists more than 100 dependent projects.
However, as Socket notes, the real exposure likely extends beyond these direct dependencies because the package is commonly installed in backend services, developer environments, and CI/CD pipelines that integrate with Intercom's API.
"The attack closely resembles the lightning@2.6.2 PyPI attack from earlier today, as well as the TeamPCP-linked supply chain campaign we reported yesterday affecting SAP CAP and Cloud MTA npm packages," Socket wrote.
Neither Intercom nor Lightning immediately responded to The Register's requests for comment. We will update this story when we hear back from any of the compromised organizations. ®
