Overview
- Bitwarden confirmed a malicious @bitwarden/cli@2026.4.0 package was live for about 93 minutes on Wednesday, April 22, before removal, and said no vault or production data was accessed.
- The rogue version used a preinstall loader (bw_setup.js) to fetch the Bun runtime and execute an obfuscated payload (bw1.js) that ran during installation.
- The malware harvested GitHub and npm tokens, SSH keys, .env files, shell history, and cloud credentials for AWS, Azure, and Google Cloud, then exfiltrated data to a fake Checkmarx domain and to public GitHub repositories.
- Researchers say the payload attempted self-propagation by using stolen publish tokens to republish infected npm packages and included logic to spread to Python's PyPI ecosystem.
- Analysts link the tooling to the recent Checkmarx incident via the same telemetry endpoint and obfuscation patterns, note disputed TeamPCP/Shai-Hulud ties, and urge affected developers to remove the package and rotate all potentially exposed secrets.
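A defender's check for the indicators listed above, added here as example code (not Bitwarden's or the researchers' tooling): it walks an installed node_modules tree and flags the compromised release, any npm lifecycle hook that invokes bw_setup.js, and any package directory that ships that file. The sample tree it builds is constructed, with a placeholder standing in for the real loader.

```python
import json
import tempfile
from pathlib import Path

# Indicators named in the summary above.
MALICIOUS_NAME = "@bitwarden/cli"
MALICIOUS_VERSION = "2026.4.0"
LOADER_FILE = "bw_setup.js"
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall")


def find_suspicious_packages(node_modules: Path) -> list[dict]:
    """Report packages that are the compromised release, invoke the loader
    from an npm lifecycle hook, or ship the loader file at all."""
    findings = []
    for manifest in sorted(node_modules.rglob("package.json")):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or not JSON: nothing to check
        if not isinstance(data, dict):
            continue
        name, version = data.get("name"), data.get("version")
        scripts = data.get("scripts") or {}
        reasons = []
        if name == MALICIOUS_NAME and version == MALICIOUS_VERSION:
            reasons.append("known compromised release")
        for hook in LIFECYCLE_HOOKS:
            if LOADER_FILE in str(scripts.get(hook, "")):
                reasons.append(f"{hook} hook runs {LOADER_FILE}")
        if (manifest.parent / LOADER_FILE).exists():
            reasons.append(f"{LOADER_FILE} present in package directory")
        if reasons:
            findings.append({"package": f"{name}@{version}",
                             "path": str(manifest.parent), "reasons": reasons})
    return findings


def build_constructed_fixture() -> Path:
    """Throwaway node_modules tree (constructed sample data, not real package
    contents): one compromised package and one benign one."""
    root = Path(tempfile.mkdtemp()) / "node_modules"
    bad, good = root / "@bitwarden" / "cli", root / "left-pad"
    bad.mkdir(parents=True)
    good.mkdir()
    (bad / "package.json").write_text(json.dumps({
        "name": MALICIOUS_NAME, "version": MALICIOUS_VERSION,
        "scripts": {"preinstall": f"node {LOADER_FILE}"}}))
    (bad / LOADER_FILE).write_text("// placeholder, not the real loader\n")
    (good / "package.json").write_text(json.dumps({"name": "left-pad", "version": "1.3.0"}))
    return root
```

Point `find_suspicious_packages` at each project's real node_modules directory; installing with `npm ci --ignore-scripts` keeps lifecycle hooks such as this preinstall loader from running in the first place.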