Bitwarden CLI Hijacked on npm: Bun-Staged Credential Stealer Targets Developers, GitHub Actions, and AI Tools
@bitwarden/cli@2026.4.0 was compromised on npm with a malicious preinstall hook that deployed an obfuscated credential stealer. The malware harvests developer secrets, GitHub Actions tokens, and AI tool configurations, exfiltrating encrypted data to a Checkmarx-impersonating domain.
- Disclosed: May 4, 2026
- Last updated: June 7, 2026
- Blast radius: Developers using @bitwarden/cli, GitHub Actions workflows, and AI tooling environments
- Ecosystems: npm
- Attack vectors: malicious preinstall hook in a compromised npm package
- Affected entities: @bitwarden/cli · 2026.4.0
The official Bitwarden CLI package (@bitwarden/cli) version 2026.4.0 was found compromised on the npm registry. A malicious preinstall hook injected into the package silently downloads and executes a 9.7 MB obfuscated credential stealer that runs on the Bun JavaScript runtime.

The malware targets several categories of sensitive data: developer credentials, environment variables from GitHub Actions, and configuration files from AI coding tools, including ~/.claude.json and MCP server configurations. All stolen data is encrypted with AES-256-GCM before exfiltration to audit.checkmarx.cx, a domain impersonating the legitimate security company Checkmarx.

When it finds GitHub tokens, the malware uses them to inject malicious workflows into the affected repositories and extract CI/CD secrets. This escalates a single compromised developer machine into a multi-stage supply chain attack, enabling lateral movement across organizational infrastructure and into downstream dependent projects.

The incident was disclosed by StepSecurity on May 4, 2026.
Indicators of compromise
- Packages: @bitwarden/cli@2026.4.0
- Domains: audit.checkmarx.cx
Remediation
- Immediately uninstall or upgrade @bitwarden/cli from version 2026.4.0 to a verified patched version
- Audit npm install logs and lock files for evidence of package installation between the compromise and remediation dates
- Rotate all developer credentials, GitHub personal access tokens, and API keys that may have been exposed
- Review GitHub Actions workflow history and commit logs for unauthorized modifications or malicious injections
- Scan ~/.claude.json and other AI tool configuration directories on affected systems for evidence of exfiltration
- Monitor network traffic and logs for connections to audit.checkmarx.cx or other suspicious domains
- Regenerate CI/CD secrets and runner tokens within GitHub Actions and other CI/CD platforms
- Implement package registry integrity monitoring and preinstall script auditing to prevent future supply chain attacks
Cite this entry
"Bitwarden CLI Hijacked on npm: Bun-Staged Credential Stealer Targets Developers, GitHub Actions, and AI Tools." supplychainattack.org, Supply Chain Attack Incident Catalog. Disclosed May 4, 2026; last updated June 7, 2026. https://supplychainattack.org/incident/bitwarden-cli-hijacked-on-npm-bun-staged-credential-stealer-targets-developers-g-n1hhgh