Supply‑Chain Sabotage: The Mini Shai Hulud Campaign Targeting SAP Developers
The software supply chain remains one of the most precarious links in modern cybersecurity, and a recent discovery has highlighted just how targeted these attacks can become.
Security researchers have uncovered a sophisticated campaign, dubbed “Mini Shai Hulud,” orchestrated by a threat actor known as TeamPCP. This campaign specifically targets the SAP developer ecosystem by compromising several legitimate npm packages, turning trusted development tools into vectors for credential theft.
Unlike “spray and pray” malware, this operation is surgical. It leverages the inherent trust in dependency management to execute malicious code silently during the standard build process, aiming for the “crown jewels” of development: CI/CD secrets and cloud environment credentials.
Technical Breakdown: Infection and Payload Execution
The attackers have successfully hijacked widely utilized SAP-related libraries, specifically targeting @cap-js/sqlite, @cap-js/postgres, @cap-js/db-service, and mbt. The infection logic is embedded within a preinstall script—a legitimate npm lifecycle hook—which allows the malware to trigger the moment a developer runs npm install.

The execution chain is designed for stealth and resilience:
- The Dropper: The pre-install script triggers a file named
setup.mjs. - Environment Masking: To bypass detection and evade specific geopolitical scrutiny, the script performs a locale check. If it detects Russian-language environment variables or system settings, the payload terminates immediately.
- Advanced Runtime Execution: To evade traditional JavaScript analysis, the dropper downloads the Bun JavaScript runtime. It uses Bun to launch a heavily obfuscated secondary payload,
execution.js, before the original package installation has even completed. - Data Exfiltration: Once active, the malware harvests GitHub tokens, npm credentials, Kubernetes access tokens, and sensitive cloud secrets from AWS, Azure, and GCP. The stolen data is encrypted via RSA and exfiltrated to attacker-controlled GitHub repositories using the GraphQL API, a method that blends in with legitimate developer traffic.
Strategic Evolution: Browser Theft and Repository Poisoning
What differentiates Mini Shai Hulud from previous TeamPCP campaigns is its expanded tactical scope. The malware now includes modules for web browser credential harvesting, specifically targeting stored passwords and session data in Chrome, Safari, Edge, and Brave.
Furthermore, if the initial attempt to snatch high-value API tokens fails, the malware shifts to a persistence and propagation phase. It attempts to “poison” the developer’s local environment by injecting malicious configuration files:
- AI Tooling Exploitation: For users of Claude Code, it creates malicious hooks that ensure the dropper executes upon every new session.
- IDE Integration: For Visual Studio Code users, it modifies task configurations so the payload runs automatically whenever a project directory is opened.
Mitigation and Incident Response
Security teams should treat this as a critical priority. We recommend the following immediate actions:
- Audit Dependencies: Scan
package-lock.jsonandyarn.lockfiles for the compromised versions of the mentioned SAP packages. - Secret Rotation: Assume all cloud provider keys (AWS/Azure/GCP), GitHub Personal Access Tokens (PATs), and CI/CD environment variables are compromised and rotate them immediately.
- Endpoint Scanning: Search developer workstations and CI runners for the specific SHA-256 hashes listed below.
Indicators of Compromise (IoCs)
| File Name | Affected Package | SHA-256 Hash |
|---|---|---|
setup.mjs |
All 4 Packages | 4066781fa830224c8bbcc3aa005a396657f9c8f9016f9a64ad44a9d7f5f45e34 |
execution.js |
@cap-js/postgres |
eb6eb4154b03ec73218727dc643d26f4e14dfda2438112926bb5daf37ae8bcdb |
execution.js |
@cap-js/db-service |
eb6eb4154b03ec73218727dc643d26f4e14dfda2438112926bb5daf37ae8bcdb |
execution.js |
@cap-js/sqlite |
6f933d00b7d05678eb43c90963a80b8947c4ae6830182f89df31da9f568fea95 |
execution.js |
mbt |
80a3d2877813968ef847ae73b5eeeb70b9435254e74d7f07d8cf4057f0a710ac |