SAP Cloud Build Tool Packaged A Mini Shai-Hulud Malicious Dependency That Uses Bun

SAP npm Packages Compromised in Supply Chain Attack Using Obfuscated Bun Runtime Payload

April 29th, 2026

“A Mini Shai-Hulud has Appeared.” StepSecurity reported a new coordinated npm supply chain attack targeting SAP development ecosystem packages.

The attackers compromised multiple packages, including mbt (the npm wrapper for SAP's Cloud MTA Build Tool) and @cap-js/sqlite (the SQLite adapter for the SAP Cloud Application Programming Model). The malicious versions carry a preinstall hook that downloads the Bun JavaScript runtime and uses it to execute an obfuscated payload, so the code runs at install time on every developer machine and CI runner that installs the package, before anything in the package is ever imported.

The attack creates GitHub repositories with the distinctive description "A Mini Shai-Hulud has Appeared" indicating successful credential theft from affected developer machines.

For Semgrep Customers

Semgrep has published an advisory and a rule for these packages. To check your projects:

  1. Trigger a new scan on your projects if you have not run one recently.

  2. Check the advisories page to see whether any projects have installed these package versions recently: https://semgrep.dev/orgs/-/advisories

  3. Check your dependency filter for matches. If you see “No matching dependencies”, none of your scanned projects currently declares the malicious dependency. If you do see a match, remediation advice and indicators of compromise follow below. Note that the filter reflects what scanned projects declare now; because the payload runs from a preinstall hook, a machine or runner that installed one of these versions and has since upgraded still needs the checks below.

Affected Packages

These packages are high-value targets because they sit in common SAP development workflows. @cap-js/sqlite, @cap-js/postgres, and @cap-js/db-service are part of the SAP CAP database ecosystem, while mbt is used in SAP Cloud MTA build workflows. That makes the campaign small in package count but potentially high impact, especially for environments where developer machines or CI runners hold GitHub, npm, cloud, Kubernetes, or enterprise deployment secrets.  

- mbt version 1.2.48

- @cap-js/sqlite version 2.2.2

- @cap-js/postgres (all versions)

- @cap-js/db-service (all versions)
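A quick way to check a checked-out project for the versions above, as an added example that is not Semgrep's or StepSecurity's tooling: the script below reads package-lock.json and each installed package.json, flags the listed versions, and flags lifecycle scripts that invoke bun or the dropped file names. The lockfile and package.json contents embedded in it are constructed samples; pass a project directory as the first argument to scan a real tree.

```python
"""Check an npm project for the package versions named in this advisory.

Added example, not Semgrep's or StepSecurity's tooling. It reads a
package-lock.json (lockfile v2/v3 "packages" map) and the package.json of
each installed dependency, flags the affected versions, and flags any
lifecycle script that runs bun or the dropped files, which is the
install-time behaviour described above. The lockfile and package.json
contents below are constructed samples, not real captured artifacts.
"""
import json
import re
import sys
from pathlib import Path

# Versions from the advisory. None means every published version is listed as affected.
AFFECTED = {
    "mbt": {"1.2.48"},
    "@cap-js/sqlite": {"2.2.2"},
    "@cap-js/postgres": None,
    "@cap-js/db-service": None,
}

# npm runs these automatically during install, so code in them executes on every
# developer machine and CI runner that installs the package.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Heuristic only: the runtime the payload fetches and the file names listed under
# "Files / System Artifacts". Expect benign hits in projects that legitimately use bun.
SUSPICIOUS = re.compile(r"\bbun\b|setup\.mjs|execution\.js", re.IGNORECASE)


def package_name_from_path(path: str) -> str:
    """'node_modules/foo/node_modules/@cap-js/sqlite' -> '@cap-js/sqlite'."""
    return path.rsplit("node_modules/", 1)[-1]


def affected_in_lockfile(lock: dict) -> list:
    """Return sorted (name, version) pairs in the lockfile that match the advisory."""
    hits = []
    for path, meta in lock.get("packages", {}).items():
        if not path:  # the empty key is the root project itself
            continue
        name = package_name_from_path(path)
        if name not in AFFECTED:
            continue
        version = meta.get("version", "?")
        if AFFECTED[name] is None or version in AFFECTED[name]:
            hits.append((name, version))
    return sorted(hits)


def suspicious_scripts(pkg: dict) -> dict:
    """Return the lifecycle scripts of one package.json that match the heuristic."""
    return {hook: cmd for hook, cmd in pkg.get("scripts", {}).items()
            if hook in LIFECYCLE_HOOKS and SUSPICIOUS.search(cmd)}


def scan_node_modules(root: str) -> dict:
    """Walk node_modules under root and report packages whose lifecycle scripts match."""
    findings = {}
    for pkg_json in Path(root, "node_modules").rglob("package.json"):
        try:
            pkg = json.loads(pkg_json.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue
        hits = suspicious_scripts(pkg) if isinstance(pkg, dict) else {}
        if hits:
            findings[str(pkg_json.parent)] = hits
    return findings


# Constructed sample lockfile: two listed packages, one package on a version the
# advisory does not list, one unrelated package.
SAMPLE_LOCK = {
    "name": "demo-cap-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-cap-app", "version": "1.0.0"},
        "node_modules/@cap-js/sqlite": {"version": "2.2.2"},
        "node_modules/@cap-js/db-service": {"version": "2.1.0"},
        "node_modules/mbt": {"version": "1.2.47"},
        "node_modules/express": {"version": "4.19.2"},
    },
}

# Constructed sample package.json: one hook mimicking the pattern described above,
# one benign hook ("bundle" does not match \bbun\b), and bun used outside a hook.
SAMPLE_PKG = {
    "name": "some-dep",
    "version": "0.0.1",
    "scripts": {
        "preinstall": "node setup.mjs",
        "prepare": "npm run bundle",
        "test": "bun test",
    },
}

if __name__ == "__main__":
    if len(sys.argv) > 1:  # real project directory given on the command line
        root = sys.argv[1]
        lock = json.loads(Path(root, "package-lock.json").read_text(encoding="utf-8"))
        print("affected versions:", affected_in_lockfile(lock))
        print("suspicious lifecycle scripts:", scan_node_modules(root))
    else:
        print("affected versions:", affected_in_lockfile(SAMPLE_LOCK))
        print("suspicious lifecycle scripts:", suspicious_scripts(SAMPLE_PKG))
```

The lockfile check is exact and authoritative for the listed versions; the lifecycle-script check is a heuristic for the install-time behaviour and will also surface legitimate bun users, so treat its hits as leads to read, not verdicts.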

Indicators of Compromise

The attack creates GitHub repositories with the distinctive description A Mini Shai-Hulud has Appeared, indicating successful credential theft from victim developer machines or CI environments. The stolen data is written under paths like results/results-<timestamp>-<counter>.json, compressed, encrypted with AES-256-GCM, and the AES key is wrapped with an embedded RSA public key.  

Review GitHub activity for signs of exfiltration or propagation. Look for:

- repositories with the description A Mini Shai-Hulud has Appeared

- commits containing OhNoWhatsGoingOnWithGitHub

- unexpected .claude/ or .vscode/setup.mjs files

- commits titled chore: update dependencies

- commits authored by claude <claude@users.noreply.github.com>

- result files under results/results-*.json
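The commit-level indicators above can be hunted across local clones of your organization's repositories. The script below is an added example, not Semgrep's or StepSecurity's tooling; it parses the output of a git log invocation with a custom --format, reports the commits that match the indicators, and includes a helper for the repository-description marker. The log text and repository record it embeds are constructed samples, not captured attacker activity.

```python
"""Hunt local git clones for the GitHub-side indicators listed above.

Added example, not Semgrep's or StepSecurity's tooling. It parses the
output of

    git log --all --format='%H%x1f%an%x1f%ae%x1f%s' --name-only

(one header line per commit with fields separated by the ASCII unit
separator 0x1f, followed by the paths it touched) and reports commits
that match the indicators. The log text and repository record below are
constructed samples, not captured attacker activity.
"""
from dataclasses import dataclass, field
from fnmatch import fnmatch

US = "\x1f"  # field separator chosen in the git log --format above
ATTACKER_EMAIL = "claude@users.noreply.github.com"
MARKER = "OhNoWhatsGoingOnWithGitHub"
GENERIC_TITLE = "chore: update dependencies"
REPO_DESCRIPTION = "A Mini Shai-Hulud has Appeared"


@dataclass
class Commit:
    sha: str
    author: str
    email: str
    subject: str
    paths: list = field(default_factory=list)


def parse_git_log(text: str) -> list:
    """Parse the --format/--name-only output into Commit records.

    A line containing the separator starts a new commit; every other
    non-blank line is a path touched by the current commit.
    """
    commits = []
    for raw in text.splitlines():
        if US in raw:
            parts = raw.split(US, 3)
            sha, author, email, subject = (parts + [""] * 4)[:4]
            commits.append(Commit(sha.strip(), author, email.strip(), subject))
            continue
        line = raw.strip()
        if line and commits:
            commits[-1].paths.append(line)
    return commits


def commit_indicators(c: Commit) -> list:
    """Return the advisory indicators a single commit matches."""
    hits = []
    if c.email.lower() == ATTACKER_EMAIL:
        hits.append(f"author email {ATTACKER_EMAIL}")
    if MARKER in c.subject:
        hits.append(f"commit message contains {MARKER}")
    for p in c.paths:
        if p.startswith(".claude/") or p == ".vscode/setup.mjs":
            hits.append(f"dropped file {p}")
        elif fnmatch(p, "results/results-*.json"):
            hits.append(f"exfil artifact {p}")
    # The generic title is common in legitimate repos, so on its own it is only a weak signal.
    if c.subject.strip().lower() == GENERIC_TITLE:
        hits.append(f"weak: commit title '{GENERIC_TITLE}'")
    return hits


def hunt(log_text: str) -> dict:
    """Map each matching commit SHA to its indicators; clean commits are omitted."""
    findings = {}
    for c in parse_git_log(log_text):
        hits = commit_indicators(c)
        if hits:
            findings[c.sha] = hits
    return findings


def repo_indicators(repo: dict) -> list:
    """Check a repository record (e.g. from the GitHub API) for the description marker."""
    desc = (repo.get("description") or "").strip()
    return [f"repository description '{REPO_DESCRIPTION}'"] if desc == REPO_DESCRIPTION else []


# Constructed sample log: one attacker-style commit, one benign commit that only
# shares the generic title, one unrelated commit.
SAMPLE_LOG = "\n".join([
    US.join(["a1b2c3", "claude", ATTACKER_EMAIL, "chore: update dependencies"]),
    "",
    ".vscode/setup.mjs",
    "results/results-1714000000-1.json",
    "",
    US.join(["d4e5f6", "Jane Dev", "jane@example.com", "chore: update dependencies"]),
    "",
    "package-lock.json",
    "",
    US.join(["0a0b0c", "Jane Dev", "jane@example.com", "fix: typo in README"]),
    "",
    "README.md",
])

SAMPLE_REPO = {"name": "demo", "description": "A Mini Shai-Hulud has Appeared"}

if __name__ == "__main__":
    for sha, reasons in hunt(SAMPLE_LOG).items():
        print(sha, reasons)
    print(repo_indicators(SAMPLE_REPO))
```

Run the git log command from the docstring inside each clone and pipe its output into hunt(); a commit that matches only the "weak" title indicator is worth a look but is not by itself evidence of compromise, whereas the author email, the marker string, or the dropped files and results artifacts are.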

If any affected package was installed, rotate secrets broadly. Do not limit rotation to npm tokens. The payload targets GitHub tokens, npm tokens, GitHub Actions secrets, AWS secrets, Azure Key Vault secrets, GCP Secret Manager values, Kubernetes tokens, environment variables, and local developer tooling configuration.  

Packages

- mbt@1.2.48

- @cap-js/sqlite@2.2.2

- @cap-js/postgres

- @cap-js/db-service

Domains / C2 Servers

- None identified

Files / System Artifacts

- setup.mjs

- execution.js