Bitwarden CLI Compromised by Checkmarx Supply Chain Attack

Bitwarden CLI compromised: a hijacked npm package steals developer secrets in a supply chain attack.

  • The official Bitwarden CLI package on npm was compromised, distributing a malicious version that steals credentials and secrets.
  • The supply chain attack used a hacked GitHub Actions workflow, a method consistent with the broader Checkmarx campaign, and targeted developer AI tool configurations.
  • While the malicious package has been deprecated, a single compromised developer installation could enable attackers to persistently inject malware into CI/CD pipelines.
  • Security researchers detected a reference to “Shai-Hulud: The Third Coming” within the malware, suggesting this is a new phase of a known campaign.
  • Bitwarden confirmed the incident was limited to its npm distribution mechanism and stated no end-user vault data was accessed or at risk.

The Bitwarden CLI became the latest victim in an ongoing supply chain campaign, with a malicious version published on April 22, 2026, according to new findings shared by JFrog and Socket. This version, labeled @bitwarden/cli@2026.4.0, contained code designed to exfiltrate sensitive developer data to attackers.


The attack appears to have leveraged a compromised GitHub Action in Bitwarden's CI/CD pipeline, consistent with the pattern seen across other repositories affected by this campaign. The rogue package included a preinstall hook that executed data-stealing malware as soon as the package was installed.

Data including GitHub and npm tokens, .ssh keys, and cloud secrets was exfiltrated to a domain impersonating Checkmarx. However, if this primary method failed, the stolen information was sent to a GitHub repository as a fallback.

The malware specifically targeted configuration files for AI coding tools such as Claude and Cursor. If GitHub tokens were found, they were used to inject malicious workflows into other repositories the token could reach, as detailed in a blog post by Socket.

Security researcher Adnan Khan noted the threat actor used a malicious workflow for publication. “I believe this is the first time a package using NPM trusted publishing has been compromised,” Khan added.


OX Security said it identified the string “Shai-Hulud: The Third Coming” in the package, suggesting this is likely the next phase of that supply chain campaign. Notably, the malware is designed to terminate without running on systems whose locale is set to Russia.

Bitwarden confirmed the incident stemmed from the compromise of its npm distribution mechanism. The company emphasized that no end-user vault data was accessed or at risk, and the malicious npm release was deprecated shortly after detection.
