Bitwarden CLI npm Package Compromised in Supply Chain Attack

Attackers uploaded a malicious version 2026.4.0 of the official Bitwarden CLI package to npm on April 22; it remained available for approximately 90 minutes before removal. The breach originated from a compromised GitHub Action in Bitwarden's CI/CD pipeline, which injected malicious code that installed credential-stealing malware via a custom loader. The payload harvested npm tokens, GitHub authentication tokens, SSH keys, and AWS, Azure, and Google Cloud credentials, then encrypted the data using AES-256-GCM.

Exfiltration occurred through the creation of public GitHub repositories under victims' accounts, each containing the encrypted stolen data. The malware featured self-propagation capabilities: using stolen npm credentials, it identified packages the victim could publish to and injected malicious code into them. Bitwarden confirmed that the incident affected only the npm distribution channel, that end-user vault data remained uncompromised, and that the compromised access was revoked immediately.

The attack shares overlapping indicators with a separate Checkmarx supply chain incident, including the same telemetry endpoint, obfuscation routines, and exfiltration patterns. Both campaigns are linked to a threat actor known as TeamPCP, previously responsible for targeting developer packages in Trivy and LiteLLM attacks. Developers who installed the affected version must treat their systems as fully compromised and rotate all exposed credentials, particularly those used for CI/CD pipelines and cloud storage. Bitwarden has deprecated the malicious release and initiated remediation steps following detection.
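Two checks follow directly from the indicators above: whether a project pins the affected release, and whether unexpected public repositories appeared under a developer's GitHub account during the incident window. The script below is an added example, not code from the article or from Bitwarden. It assumes the package is published on npm as @bitwarden/cli and that the affected version is exactly 2026.4.0 as stated above; the lockfile and repository-list inputs are constructed samples, and the repository fields (`full_name`, `private`, `created_at`) are those returned by the GitHub REST API `GET /user/repos` endpoint.

```python
"""Triage helpers for the compromised Bitwarden CLI release.

Added example (not Bitwarden's code). Assumptions: the npm package name is
@bitwarden/cli and the affected version is 2026.4.0, per the article.
"""
import json
from datetime import datetime, timezone

AFFECTED_PACKAGE = "@bitwarden/cli"   # assumed npm name of the Bitwarden CLI
AFFECTED_VERSIONS = {"2026.4.0"}      # version named in the article


def find_affected_packages(lockfile_text: str) -> list[str]:
    """Return node_modules paths where the affected package/version is pinned.

    Handles package-lock.json v2/v3 ("packages" map keyed by install path)
    and v1 ("dependencies" tree, which may nest).
    """
    lock = json.loads(lockfile_text)
    hits: set[str] = set()

    # v2/v3 layout: keys look like "node_modules/@bitwarden/cli"
    for path, meta in lock.get("packages", {}).items():
        if path.endswith("node_modules/" + AFFECTED_PACKAGE) \
                and meta.get("version") in AFFECTED_VERSIONS:
            hits.add(path)

    # v1 layout: recursive "dependencies" objects
    def walk(deps: dict, prefix: str) -> None:
        for name, meta in deps.items():
            here = f"{prefix}node_modules/{name}"
            if name == AFFECTED_PACKAGE and meta.get("version") in AFFECTED_VERSIONS:
                hits.add(here)
            walk(meta.get("dependencies", {}), here + "/")

    walk(lock.get("dependencies", {}), "")
    return sorted(hits)


def suspicious_public_repos(repos_json: str, since: datetime) -> list[str]:
    """Return full names of public repos created at or after `since`.

    The article describes exfiltration via public repositories created under
    the victim's account, so new, unexpected public repos are a triage signal
    (not proof of compromise on their own). Input is the JSON array returned
    by GitHub's GET /user/repos.
    """
    flagged = []
    for repo in json.loads(repos_json):
        created = datetime.fromisoformat(repo["created_at"].replace("Z", "+00:00"))
        if not repo.get("private", True) and created >= since:
            flagged.append(repo["full_name"])
    return flagged


# --- constructed sample inputs (not real project data) ---------------------
SAMPLE_LOCK_V3 = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app"},
        "node_modules/@bitwarden/cli": {"version": "2026.4.0"},
        "node_modules/left-pad": {"version": "1.3.0"},
    },
})

SAMPLE_LOCK_V1 = json.dumps({
    "lockfileVersion": 1,
    "dependencies": {
        "some-tool": {
            "version": "1.0.0",
            "dependencies": {"@bitwarden/cli": {"version": "2026.4.0"}},
        },
        "@bitwarden/cli": {"version": "2026.3.0"},   # older, not affected
    },
})

SAMPLE_REPOS = json.dumps([
    {"full_name": "alice/dotfiles", "private": False, "created_at": "2026-01-10T09:00:00Z"},
    {"full_name": "alice/zx9k-data", "private": False, "created_at": "2026-04-22T14:05:00Z"},
    {"full_name": "alice/notes", "private": True, "created_at": "2026-04-22T16:00:00Z"},
])

# Incident date from the article; year inferred from the version scheme.
INCIDENT_START = datetime(2026, 4, 22, tzinfo=timezone.utc)

if __name__ == "__main__":
    print("v3 lockfile hits:", find_affected_packages(SAMPLE_LOCK_V3))
    print("v1 lockfile hits:", find_affected_packages(SAMPLE_LOCK_V1))
    print("public repos since incident:", suspicious_public_repos(SAMPLE_REPOS, INCIDENT_START))
```

In practice, point `find_affected_packages` at each project's package-lock.json (and the output of `npm ls --json` for globally installed tools), and feed `suspicious_public_repos` the authenticated `GET /user/repos` response for every developer and CI identity that could have run the package. A hit from either check is the trigger for the rotation described above, not the end of the investigation.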
