Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
Supply Chain Alert: Bitwarden CLI Compromised in Massive "Checkmarx" Campaign
TL;DR: Bitwarden CLI version 2026.4.0 was briefly compromised via a CI/CD pipeline breach. The malicious package, active for about 90 minutes on April 22, 2026, was designed to steal developer secrets, cloud credentials, and AI tool configurations. Bitwarden confirms vault data remains secure.
A sophisticated supply chain attack has hit the Bitwarden CLI, marking a significant escalation in an ongoing campaign targeting developer ecosystems. According to reports from security firms JFrog, Socket, and OX Security, the compromise was part of a larger campaign currently affecting repositories that utilize compromised GitHub Actions.
The Breach: How It Happened
The attack targeted the official Bitwarden CLI distribution on npm. Researchers identified the affected version as @bitwarden/cli@2026.4.0.
The compromise originated from a GitHub Action within Bitwarden's CI/CD pipeline. Specifically, Bitwarden's repository utilized checkmarx/ast-github-action, an artifact previously compromised in a broader supply chain incident known as the "Checkmarx campaign."
Security researcher Adnan Khan noted that this incident likely represents the first time a package using NPM Trusted Publishing—a security feature designed to prevent manual credential theft—has been compromised via a poisoned workflow.
Technical Analysis of the Malware
The malicious code was embedded in a file named bw1.js and triggered automatically via a preinstall hook. Once executed, the payload acted as a highly capable credential harvester.
What was stolen?
The malware was engineered to exfiltrate a wide array of sensitive data, including:
- Developer Credentials: GitHub and npm tokens, .ssh keys, and .env files.
- System Info: Shell history and environment secrets.
- Cloud Secrets: Credentials for various cloud providers.
- AI Coding Assistants: Configurations for tools like Claude, Kiro, Cursor, Codex CLI, and Aider.
Exfiltration Tactics
The stolen data was encrypted using AES-256-GCM. To avoid detection, the attackers used two primary exfiltration paths:
- Impersonation Domains: Data was sent to audit.checkmarx[.]cx, a domain designed to mimic legitimate security infrastructure.
- GitHub Dead-Drops: As a fallback, stolen data was pushed to public GitHub repositories created under victim accounts. These repositories often followed a specific naming convention (e.g., <word>-<word>-<3 digits>).
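The two exfiltration paths above give defenders concrete things to hunt for: outbound connections to the impersonation domain, and repositories under developer accounts whose names fit the dead-drop convention. The script below is an added example (not code from the article or from the security firms it cites) that scans constructed proxy/DNS log lines for the domain, flags which hits fall inside the exposure window Bitwarden published, and filters a list of repository names against the naming pattern. The log format is invented for the demonstration; the conversion of "ET" on April 22 to UTC-4 (EDT) is my assumption.

```python
"""Hunt for the exfiltration indicators described in the article.

Added example; not code from the article or from any cited security firm.
"""
import re
from datetime import datetime, timedelta, timezone

# Indicator from the article (written defanged there as audit.checkmarx[.]cx).
EXFIL_DOMAINS = ("audit.checkmarx.cx",)

# Dead-drop repository convention from the article: <word>-<word>-<3 digits>.
DEAD_DROP_RE = re.compile(r"^[a-z]+-[a-z]+-\d{3}$")

# Hostname-like tokens in a log line (scheme optional; port/path stop the match).
HOST_RE = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)

# Exposure window from the article: April 22, 2026, 5:57 PM to 7:30 PM ET.
# Assumption: ET on that date is EDT, i.e. UTC-4.
_ET = timezone(timedelta(hours=-4))
WINDOW_START = datetime(2026, 4, 22, 17, 57, tzinfo=_ET)
WINDOW_END = datetime(2026, 4, 22, 19, 30, tzinfo=_ET)


def matches_exfil_domain(host):
    """True for the indicator domain itself or any subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in EXFIL_DOMAINS)


def in_exposure_window(timestamp):
    """True if an ISO-8601 timestamp (e.g. 2026-04-22T22:01:13Z) is inside the window."""
    ts = datetime.fromisoformat(timestamp.replace("Z", "+00:00"))
    if ts.tzinfo is None:  # treat naive timestamps as UTC
        ts = ts.replace(tzinfo=timezone.utc)
    return WINDOW_START <= ts <= WINDOW_END


def scan_log(lines):
    """Return (line_no, host, inside_window) for lines contacting an exfil domain.

    Assumes each constructed line starts with an ISO-8601 timestamp.
    """
    hits = []
    for line_no, line in enumerate(lines, 1):
        for host in HOST_RE.findall(line):
            if matches_exfil_domain(host):
                hits.append((line_no, host.lower(), in_exposure_window(line.split()[0])))
                break  # one report per line is enough
    return hits


def suspicious_repos(names):
    """Return repository names that fit the dead-drop naming convention."""
    return [n for n in names if DEAD_DROP_RE.match(n)]


# Constructed sample log lines (not real telemetry). Lines 1 and 3 fall inside
# the exposure window; line 5 is the same domain but later that night.
SAMPLE_LOG = [
    "2026-04-22T22:01:13Z dev-laptop-07 proxy CONNECT audit.checkmarx.cx:443 - 200",
    "2026-04-22T22:01:15Z dev-laptop-07 proxy GET https://registry.npmjs.org/@bitwarden/cli 200",
    "2026-04-22T22:01:20Z dev-laptop-07 dns query A audit.checkmarx.cx NOERROR",
    "2026-04-22T22:02:40Z dev-laptop-07 proxy GET https://checkmarx.com/ 200",
    "2026-04-23T01:10:00Z dev-laptop-07 dns query A audit.checkmarx.cx NOERROR",
]

# Constructed repository names as they might appear under a developer account.
SAMPLE_REPOS = ["quiet-harbor-417", "my-project", "bw-cli-docs", "blue-river-903", "alpha-beta-12"]

if __name__ == "__main__":
    for line_no, host, inside in scan_log(SAMPLE_LOG):
        tag = "IN WINDOW" if inside else "outside window"
        print(f"line {line_no}: contact with {host} ({tag})")
    print("repos matching dead-drop pattern:", suspicious_repos(SAMPLE_REPOS))
```

The domain check deliberately matches the indicator host and its subdomains only, so legitimate Checkmarx traffic (line 4) is not flagged; hits outside the window are still reported, because the exposure window bounds when the package could be installed, not when an already-infected machine talks back.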
Impact and Remediation
Bitwarden has responded to the incident, clarifying that the window of exposure was limited to April 22, 2026, between 5:57 PM and 7:30 PM (ET).
In an official statement, Bitwarden emphasized:
- Vault Data is Safe: There is no evidence that end-user vault data or production systems were compromised.
- Containment: The malicious npm version has been deprecated, and the compromised access tokens have been revoked.
- Scope: The issue was restricted to the npm distribution mechanism and did not affect the core Bitwarden codebase.
Attribution: "Shai-Hulud" and TeamPCP
Evidence suggests a threat actor known as TeamPCP may be behind the attack. Researchers at OX Security identified the string "Shai-Hulud: The Third Coming" within the package, a reference to the Dune universe and a continuation of a campaign identified last year.
Interestingly, the malware contains a "kill-switch" that prevents execution if the system's locale is set to Russia, suggesting a potential geopolitical motivation or an attempt to avoid local law enforcement.
Conclusion: A Wake-up Call for Developers
The Bitwarden CLI incident underscores the fragility of CI/CD pipelines. Even with modern security measures like Trusted Publishing, a single compromised third-party GitHub Action can weaponize a trusted package.
Security teams are urged to check if @bitwarden/cli@2026.4.0 was installed in their environments during the 90-minute window on April 22. If so, immediate rotation of all secrets (GitHub tokens, SSH keys, Cloud credentials) is mandatory, as the malware is designed to self-propagate by using stolen tokens to infect other repositories reachable by the developer.
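The check urged above starts with inventory: which projects pinned @bitwarden/cli@2026.4.0, and which installed packages declare install-time hooks of the kind the bw1.js payload used. The script below is an added example (not code from the article or from Bitwarden) that walks an npm package-lock.json in both the lockfileVersion 2/3 layout ("packages" keyed by path) and the older lockfileVersion 1 layout (nested "dependencies"), reports the compromised release, lists packages npm has marked with hasInstallScript, and shows the lifecycle hooks a package.json declares. The lockfile and package.json contents are constructed for the demonstration.

```python
"""Inventory an npm lockfile for the compromised release and install hooks.

Added example; not code from the article or from Bitwarden.
"""
import json

# Indicator from the article: the single affected release.
COMPROMISED = {"@bitwarden/cli": {"2026.4.0"}}

# Lifecycle scripts npm runs automatically during installation.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")


def _name_from_path(path):
    """'node_modules/a/node_modules/@scope/b' -> '@scope/b'."""
    return path.split("node_modules/")[-1]


def installed_versions(lock):
    """Yield (name, version) for every package recorded in a package-lock.json."""
    if "packages" in lock:  # lockfileVersion 2 or 3
        for path, entry in lock["packages"].items():
            if path and "version" in entry:  # "" is the root project itself
                yield _name_from_path(path), entry["version"]
        return

    def walk(deps):  # lockfileVersion 1: nested "dependencies" tree
        for name, entry in deps.items():
            if "version" in entry:
                yield name, entry["version"]
            yield from walk(entry.get("dependencies", {}))

    yield from walk(lock.get("dependencies", {}))


def find_compromised(lock):
    """Return sorted (name, version) pairs matching the known-bad release."""
    return sorted({(n, v) for n, v in installed_versions(lock)
                   if v in COMPROMISED.get(n, ())})


def packages_with_install_scripts(lock):
    """Names of packages npm flagged with hasInstallScript (lockfileVersion 2/3)."""
    return sorted(_name_from_path(path)
                  for path, entry in lock.get("packages", {}).items()
                  if path and entry.get("hasInstallScript"))


def install_hook_scripts(package_json):
    """Return {hook: command} for the lifecycle hooks a package.json declares."""
    scripts = package_json.get("scripts", {})
    return {hook: scripts[hook] for hook in INSTALL_HOOKS if hook in scripts}


# Constructed sample lockfile (lockfileVersion 3 layout).
SAMPLE_LOCK = json.loads("""{
  "name": "example-app", "lockfileVersion": 3,
  "packages": {
    "": {"name": "example-app", "version": "1.0.0"},
    "node_modules/@bitwarden/cli": {"version": "2026.4.0", "hasInstallScript": true},
    "node_modules/left-pad": {"version": "1.3.0"}
  }
}""")

# Constructed package.json for a dependency that declares a preinstall hook.
SAMPLE_PACKAGE_JSON = {
    "name": "example-dep", "version": "0.0.1",
    "scripts": {"preinstall": "node bw1.js", "test": "jest"},
}

if __name__ == "__main__":
    for name, version in find_compromised(SAMPLE_LOCK):
        print(f"ALERT: {name}@{version} is in the lockfile; rotate all secrets")
    print("packages with install scripts:", packages_with_install_scripts(SAMPLE_LOCK))
    print("install-time hooks declared:", install_hook_scripts(SAMPLE_PACKAGE_JSON))
```

A lockfile records what was resolved, not when it was installed, so pair this with CI and package-manager logs from the exposure window. Setting `ignore-scripts=true` in npm's config stops lifecycle hooks from running during installs, which would have blocked this preinstall payload, at the cost of breaking packages that legitimately build native code on install.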
Source: https://thehackernews.com/2026/04/bitwarden-cli-compromised-in-ongoing.html