Malicious Bitwarden CLI Package Harvested Secrets Across Developer and CI Environments
A malicious package masquerading as @bitwarden/cli@2026.4.0 was analyzed as an obfuscated JavaScript supply-chain implant built to steal credentials and secrets from developer workstations and CI systems. The malware searched local files and shell environments for sensitive data, then targeted cloud and automation platforms including GitHub Actions, Azure Key Vault, and Google Cloud Secret Manager. It also attempted to validate and reuse stolen GitHub and npm tokens, indicating an effort to expand access and potentially propagate through software development ecosystems.
The implant used multiple exfiltration channels to move stolen data to attacker-controlled infrastructure, including encrypted HTTPS transmission and fallback delivery through attacker-created GitHub repositories. Its code included anti-analysis and operational safeguards such as environment checks, single-instance locking, daemonization, batching, timeout handling, and logic to avoid execution in Russian-language contexts. The activity reflects a software supply-chain threat aimed at quietly extracting high-value secrets from endpoints and build pipelines while maintaining resilience against disruption and investigation.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
Malicious @bitwarden/cli@2026.4.0 package analysis is published
A GitHub Gist analyzing '@bitwarden/cli@2026.4.0 bw1.js' was published, describing obfuscated JavaScript malware with credential theft, secret harvesting, token abuse, and multiple exfiltration mechanisms. The analysis indicates a supply-chain worm targeting local environments, CI runners, GitHub, npm, Azure Key Vault, and Google Cloud Secret Manager.
Objective-See publishes blog reference related to the story
A reference on Objective-See's Blog was published, providing early public context for the broader story. The supplied content does not include article body details, so only the publication event can be established from the reference metadata.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Malicious Bitwarden CLI npm Package Stole Secrets in Supply-Chain Breach
Bitwarden confirmed that attackers briefly distributed a malicious `@bitwarden/cli` package, version `2026.4.0`, through npm after compromising the CLI release process. The trojanized package was available for roughly 90 minutes on April 22 and was downloaded by a limited number of users before being removed. Bitwarden said the incident was confined to the npm-distributed command-line tool and did not affect its main password manager, customer vault data, production systems, or production data. The company revoked compromised access, deprecated the release, and directed affected users to remove the package, clear npm cache, rotate exposed secrets, and upgrade to `2026.4.1` or use trusted signed binaries. Security researchers linked the breach to a wider software supply-chain campaign tied to compromised Checkmarx infrastructure and CI/CD workflows, including abuse of GitHub Actions trusted publishing. Analyses said the payload harvested GitHub and npm tokens, SSH keys, cloud credentials, environment variables, shell history, and cryptocurrency wallet files such as MetaMask, Phantom, and Solana data, making the incident especially dangerous for organizations using Bitwarden CLI in automated pipelines. Researchers also reported worm-like propagation, encrypted exfiltration to `audit.checkmarx.cx`, fallback GitHub-based command-and-control, memory scraping on self-hosted runners, and attempts to poison AI coding assistants by appending hidden text to shell startup files.
May 25, 2026
Bitwarden CLI npm Package Hijacked to Steal Developer and Cloud Credentials
A malicious version of Bitwarden’s CLI package, `@bitwarden/cli` `2026.4.0`, was published to npm after attackers reportedly abused a compromised GitHub Action in Bitwarden’s CI/CD pipeline. The tainted release was available for about 90 minutes and was limited to the npm distribution channel; Bitwarden said its Chrome extension, MCP server, other official distribution paths, production systems, vault data, and legitimate CLI codebase were not affected. Researchers linked the incident to a broader software supply-chain campaign associated with infrastructure seen in the Checkmarx breach, with some reporting also tying the activity to **TeamPCP**. The package reportedly used a malicious install chain that dropped files including `bw1.js`, fetched the Bun runtime, and executed a multi-stage payload designed to harvest GitHub, npm, AWS, Azure, GCP, SSH, and AI-tool credentials, including `~/.claude.json` and MCP-related configuration files. Investigators said the malware exfiltrated data through attacker-controlled infrastructure including `audit.checkmarx[.]cx`, attempted persistence and self-propagation, and could enable follow-on compromise of repositories and GitHub Actions workflows. Security firms advised anyone who installed `@bitwarden/cli` `2026.4.0` to remove it, downgrade to a known-safe version such as `2026.3.0`, rotate all potentially exposed secrets, inspect repositories and CI/CD workflows for unauthorized changes, and monitor for indicators including `/tmp/tmp.987654321.lock` and outbound connections to the command-and-control domain.
Apr 27, 2026
Supply Chain Attack Trojans Checkmarx Artifacts and Bitwarden CLI Package
A supply chain attack compromised multiple **Checkmarx** distribution channels, including **KICS Docker images**, the **Checkmarx VS Code extension**, and the `ast-github-action` GitHub Action, with the malicious artifacts built to collect, encrypt, and exfiltrate secrets from affected environments. Reporting linked the activity to **TeamPCP**, which publicly claimed responsibility, and described the campaign as distinct from an earlier March incident involving Checkmarx. The activity later expanded to the **Bitwarden CLI** ecosystem, where a malicious version of the npm package `@bitwarden/cli` was briefly published. The trojanized VS Code extensions were also reported to target **npm tokens**, raising the risk of follow-on supply chain compromise, while some malicious Docker images were removed by about **18:20 UTC** on April 22; however, the compromised extensions reportedly remained available on **OpenVSX** into April 23.
Jun 8, 2026