SAP Ecosystem Targeted: The Mini Shai-Hulud Supply Chain Attack
A sophisticated npm supply-chain compromise dubbed “Mini Shai-Hulud” has recently emerged, creating an urgent risk for SAP CAP development teams and CI/CD environments. The attackers published trojanised versions of trusted packages that deliver an 11.7 MB credential stealer with self-propagating (wormable) capabilities. Rather than disrupting services, the malware silently harvests a wide array of sensitive secrets from developer machines and CI runners, putting enterprise intellectual property and infrastructure at risk.
The Targets: SAP CAP and Cloud Ecosystem
This attack specifically targets the SAP developer ecosystem, heavily impacting packages connected to SAP’s Cloud Application Programming (CAP) model and SAP Cloud deployment workflows.
The compromised npm packages include:
- @cap-js/sqlite – v2.2.2
- @cap-js/postgres – v2.2.2
- @cap-js/db-service – v2.10.1
- [email protected] (the Cloud MTA Build Tool)
While the list of affected packages is small, the potential impact is large. These packages sit at the core of the SAP CAP database stack, so they are routinely installed on developer machines and CI runners that hold high-value enterprise deployment secrets, cloud credentials and GitHub tokens. Note that they may also be pulled in transitively, so a project need not list them directly in its package.json to be affected.
Inside the Attack: Anatomy of a Wormable Secret Stealer
Researcher Adnan Khan states that a misconfigured CircleCI pipeline may be the cause of an exposed npm token.
Once the attackers had publish access, they modified the legitimate SAP packages by injecting a malicious preinstall hook into package.json. npm runs preinstall scripts automatically before the package installation completes, so the malicious code executes on every install, with whatever privileges the user or CI job that triggered the install happens to have.
The attack unfolds in two main stages:
- The Loader (setup.mjs): This script acts as a bootstrapper. It checks the host system, downloads the Bun JavaScript runtime (v1.3.13) from GitHub, and uses it to execute the main payload.
- The Payload (execution.js): This is a credential stealer. On developer machines, it hunts for SSH keys, cloud credentials (AWS, Azure, GCP), Kubernetes configs, environment variables, AI tool configs, and cryptocurrency wallets. In CI environments, it deploys a memory scanner to extract masked secrets directly from the CI runner’s memory.
Once the secrets are harvested, the malware encrypts the data and exfiltrates it through newly created GitHub repositories. These repositories are tagged with the description: A Mini Shai-Hulud has Appeared.

At the time of writing, around 1,200 repositories with the description “A Mini Shai-Hulud has Appeared” had been created in the preceding 24 hours.
Furthermore, the malware is designed to spread. Using stolen npm and GitHub tokens, it enumerates other packages maintained by the victim, injects itself into them, and publishes new compromised versions under the innocuous commit message “chore: update dependencies”. It also establishes persistence by injecting backdoors into IDE and AI coding-assistant configuration, such as .vscode and .claude folders, so that the payload can be re-triggered even after the compromised package is removed.
Securing Your Environment: Detection and Mitigation
If your team uses SAP CAP or MTA-based deployment pipelines, immediate action is required to defend against this severe threat.
- Audit Dependencies: Immediately review your dependency trees, lockfiles (package-lock.json, including nested node_modules entries), installed node_modules and local npm caches for the affected package versions. Check CI runner images and caches as well, not only developer workstations.
- Rotate All Secrets: If you suspect exposure, you must rotate all credentials, not just npm tokens. The payload targets a vast array of secrets, including GitHub tokens, cloud provider keys, CI variables, and Kubernetes service accounts.
- Hunt for Indicators of Compromise (IoCs): Scan your developer machines, logs, and internal registries for suspicious files, and watch for unexpected downloads of Bun 1.3.13 during package installation. Also, monitor cloud metadata endpoints for unauthorized access originating from runtime processes.
- Monitor GitHub Activity: Look for unexpected repositories with the description A Mini Shai-Hulud has Appeared, commits authored by [email protected], or commits containing the dead-drop keyword OhNoWhatsGoingOnWithGitHub.
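The following is an added example, not code from the original article or from SAP: a small Node.js audit script that checks a parsed package-lock.json for the @cap-js versions listed above (it handles both the lockfileVersion 2/3 "packages" map and the older lockfileVersion 1 "dependencies" tree, including nested installs) and inspects a package manifest for install-time lifecycle hooks that reference the loader or the Bun runtime. The mbt package is omitted from the table because its version is not legible on this page. The sample lockfile and manifest below are constructed for illustration, and the hook patterns are this example's own assumptions based on the article's description of setup.mjs, execution.js and the Bun download.

```javascript
// Added example: audit npm lockfiles and manifests for Mini Shai-Hulud indicators.
// Versions are taken from the article; everything else here is illustrative.
const AFFECTED = {
  "@cap-js/sqlite": ["2.2.2"],
  "@cap-js/postgres": ["2.2.2"],
  "@cap-js/db-service": ["2.10.1"],
  // mbt: version not recoverable from the article, so it is not listed here.
};

// Lifecycle scripts npm runs during install; the attack used preinstall.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Assumed indicators: the loader file, the payload file, and the Bun runtime.
const HOOK_PATTERNS = [/setup\.mjs/i, /execution\.js/i, /\bbun\b/i, /oven-sh\/bun/i];

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function pkgNameFromPath(p) {
  const marker = "node_modules/";
  const i = p.lastIndexOf(marker);
  return i === -1 ? p : p.slice(i + marker.length);
}

// Returns [{ name, version, path }] for every installed copy of an affected version.
function findAffected(lock) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path ("" is the root project).
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (!path) continue;
      const name = meta.name || pkgNameFromPath(path);
      const bad = AFFECTED[name];
      if (bad && bad.includes(meta.version)) hits.push({ name, version: meta.version, path });
    }
    return hits;
  }
  // lockfileVersion 1: tree keyed by package name, nested via .dependencies.
  const walk = (deps, parent) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = parent ? `${parent}/node_modules/${name}` : `node_modules/${name}`;
      const bad = AFFECTED[name];
      if (bad && bad.includes(meta.version)) hits.push({ name, version: meta.version, path });
      walk(meta.dependencies, path);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Returns [{ hook, cmd, matched }] for install-time scripts matching any indicator.
function suspiciousHooks(pkgJson) {
  const out = [];
  const scripts = (pkgJson && pkgJson.scripts) || {};
  for (const hook of INSTALL_HOOKS) {
    const cmd = scripts[hook];
    if (typeof cmd !== "string") continue;
    const matched = HOOK_PATTERNS.filter((re) => re.test(cmd)).map(String);
    if (matched.length) out.push({ hook, cmd, matched });
  }
  return out;
}

// Constructed sample lockfile (v3 shape): one direct hit, one clean version,
// and one affected copy nested under another dependency.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-cap-app", version: "1.0.0" },
    "node_modules/@cap-js/sqlite": { version: "2.2.2" },
    "node_modules/@cap-js/postgres": { version: "2.2.1" },
    "node_modules/foo/node_modules/@cap-js/db-service": { version: "2.10.1" },
  },
};

// Constructed manifest shaped like a trojanised package.json.
const SAMPLE_MANIFEST = {
  name: "@cap-js/sqlite",
  version: "2.2.2",
  scripts: { preinstall: "node setup.mjs", test: "mocha" },
};

console.log("affected versions:", JSON.stringify(findAffected(SAMPLE_LOCK), null, 2));
console.log("suspicious hooks:", JSON.stringify(suspiciousHooks(SAMPLE_MANIFEST), null, 2));
```

To run this against a real project, replace the constructed samples with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` and, for each `node_modules/*/package.json`, the parsed manifest. A hit from findAffected means the install hook has already run on that machine and secrets should be treated as exposed; a hit from suspiciousHooks on a package not in the table is worth a manual look, since the worm republishes itself into other packages maintained by each victim.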
