Bitwarden CLI has been compromised as part of the newly discovered and ongoing Checkmarx supply chain campaign, according to new findings from JFrog and Socket.
“The affected package version appears to be @bitwarden/cli@2026.4.0, and the malicious code was published in ‘bw1.js,’ a file included in the package contents,” the application security company said.
“The attack appears to have leveraged a compromised GitHub Action in Bitwarden’s CI/CD pipeline, per the pattern seen across other affected repositories in this campaign.”
In a post on X, JFrog said the rogue version of the package “steals GitHub/npm tokens, .ssh, .env, shell history, GitHub Actions and cloud secrets, then exfiltrates the data to private domains and as GitHub commits.”
Specifically, the malicious code is executed via a preinstall hook, resulting in the theft of local, CI, GitHub, and cloud secrets. The data is exfiltrated to the domain “audit.checkmarx[.]cx” and to a GitHub repository as a fallback if the primary method fails.
The entire sequence of actions is listed below –
- It launches a credential stealer that targets developer secrets, GitHub Actions environments, and artificial intelligence (AI) coding tool configurations, including Claude, Kiro, Cursor, Codex CLI, and Aider.
- The stolen data is encrypted with AES-256-GCM and exfiltrated to audit.checkmarx[.]cx, a domain impersonating Checkmarx.
- If GitHub tokens are found, the malware weaponizes them to inject malicious Actions workflows into repositories and extract CI/CD secrets.
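Because the payload ran from an npm install-time hook inside a specific release, a quick local audit is to walk `node_modules` and flag the affected version, any `preinstall`/`install`/`postinstall` script, and a shipped `bw1.js`. The script below is an added defensive example, not code from the report or from any vendor named in it; the `node_modules` tree it builds is constructed for the demonstration, and the hook command string in that fixture is an assumption.

```python
import json
import os
import tempfile

# From the report: the compromised release, the payload file name, and the npm hooks that run at install time.
AFFECTED = {"@bitwarden/cli": {"2026.4.0"}}
SUSPECT_FILE = "bw1.js"
INSTALL_HOOKS = ("preinstall", "install", "postinstall")

def audit_node_modules(root):
    """Walk a node_modules tree and return one finding dict per suspicious package."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if "package.json" not in files:
            continue
        with open(os.path.join(dirpath, "package.json"), encoding="utf-8") as fh:
            meta = json.load(fh)
        name, version = meta.get("name"), meta.get("version")
        scripts = meta.get("scripts") or {}
        reasons = []
        if version in AFFECTED.get(name, ()):
            reasons.append("known-compromised version")
        # Any install-time hook deserves review; the report says the payload ran from preinstall.
        reasons += [f"{hook} hook: {scripts[hook]}" for hook in INSTALL_HOOKS if scripts.get(hook)]
        if SUSPECT_FILE in files:
            reasons.append(f"ships {SUSPECT_FILE}")
        if reasons:
            findings.append({"name": name, "version": version, "path": dirpath, "reasons": reasons})
    return findings

def build_fixture():
    """Constructed node_modules tree for the demo; the preinstall command is assumed, not from the report."""
    root = tempfile.mkdtemp(prefix="nm_")
    pkgs = {
        "@bitwarden/cli": {"name": "@bitwarden/cli", "version": "2026.4.0",
                           "scripts": {"preinstall": "node bw1.js"}},
        "left-pad": {"name": "left-pad", "version": "1.3.0"},
    }
    for sub, meta in pkgs.items():
        pdir = os.path.join(root, *sub.split("/"))
        os.makedirs(pdir)
        with open(os.path.join(pdir, "package.json"), "w", encoding="utf-8") as fh:
            json.dump(meta, fh)
    # Empty stand-in carrying only the file name; it contains no code.
    open(os.path.join(root, "@bitwarden", "cli", SUSPECT_FILE), "w").close()
    return root

if __name__ == "__main__":
    print(audit_node_modules(build_fixture()))
```

Point `audit_node_modules` at a real project's `node_modules` directory to run it against an actual install; the fixture exists only so the example runs offline.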
“A single developer with @bitwarden/cli@2026.4.0 installed can become the entry point for a broader supply chain compromise, with the attacker gaining persistent workflow injection access to every CI/CD pipeline the developer’s token can reach,” StepSecurity said.
While the malicious version is no longer available for download from npm, Socket said the compromise follows the same GitHub Actions supply chain vector identified in the Checkmarx campaign.
As part of the effort, threat actors have been found abusing stolen GitHub tokens to inject a new GitHub Actions workflow that captures secrets available to the workflow run, and using harvested npm credentials to push malicious versions of the package to propagate the malware to downstream users.
According to security researcher Adnan Khan, the threat actor is said to have used a malicious workflow to publish the malicious Bitwarden CLI. “I believe this is the first time a package using NPM trusted publishing has been compromised,” Khan added.
Figure: Bitwarden CLI Attack Chain (Source: OX Security)
It is suspected that the threat actor known as TeamPCP is behind the latest attack aimed at Checkmarx. As of writing, TeamPCP’s X account has been suspended for violating the platform’s rules.
OX Security, in a breakdown of the attack, said it identified the string “Shai-Hulud: The Third Coming” in the package, suggesting this could likely be the next phase of the supply chain attack campaign that came to light last year.
Figure: Reference to the “Shai-Hulud: The Third Coming” string in the package
“The latest Shai Hulud incident is just the latest in a long chain of threats targeting developers around the world. User data is being publicly exfiltrated to GitHub, often going undetected because security tools typically do not flag data being sent there,” Moshe Siman Tov Bustan, Security Research Team Lead at OX Security, said.
“This makes the risk significantly more dangerous: anyone searching GitHub can potentially find and access these credentials. At that point, sensitive data is no longer in the hands of a single threat actor – it’s exposed to anyone.”
As in the case of the Checkmarx incident, the stolen data is exfiltrated to public repositories created under victim accounts using a Dune-themed naming scheme in the same format “
“The shared tooling strongly suggests a connection to the same malware ecosystem, but the operational signatures differ in ways that complicate attribution,” Socket said. “This suggests either a different operator using shared infrastructure, a splinter group with stronger ideological motivations, or an evolution in the campaign’s public posture.”
When reached for comment, Bitwarden confirmed the incident and said it stemmed from the compromise of its npm distribution mechanism following the Checkmarx supply chain attack, but emphasized that no end-user data was accessed as part of the attack. The entire statement shared with The Hacker News is reproduced verbatim below –
The Bitwarden security team identified and contained a malicious package that was briefly distributed via the npm delivery path for @bitwarden/cli@2026.4.0 between 5:57 PM and 7:30 PM (ET) on April 22, 2026, in connection with a broader Checkmarx supply chain incident.
The investigation found no evidence that end user vault data was accessed or at risk, or that production data or production systems were compromised. Once the issue was detected, compromised access was revoked, the malicious npm release was deprecated, and remediation steps were initiated immediately.
The issue affected the npm distribution mechanism for the CLI during that limited window, not the integrity of the legitimate Bitwarden CLI codebase or stored vault data.
Users who did not download the package from npm during that window were not affected. Bitwarden has completed a review of internal environments, release paths, and related systems, and no additional impacted products or environments have been identified at this time. A CVE for Bitwarden CLI version 2026.4.0 is being issued in connection with this incident.
(This is a developing story. Please check back for more details.)