Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

The Bitwarden command-line interface (CLI) package was compromised as part of an ongoing supply chain attack campaign targeting the Checkmarx ecosystem. Security researchers from JFrog and Socket discovered that malicious code was published in version @bitwarden/[email protected] of the npm package. The rogue version was available for download between 5:57 PM and 7:30 PM Eastern Time on April 22, 2026. The malicious package stole developer secrets including GitHub and npm tokens, SSH keys, environment variables, shell history, and cloud credentials.

The attack leveraged a compromised GitHub Action in Bitwarden’s CI/CD pipeline, consistent with patterns seen across other affected repositories in the broader Checkmarx supply chain campaign. The malicious code was executed via a preinstall hook, which launched a credential stealer targeting developer secrets, GitHub Actions environments, and AI coding tool configurations including Claude, Cursor, Codex CLI, and Aider. Stolen data was encrypted with AES-256-GCM and exfiltrated to the domain audit.checkmarx.cx, which impersonates Checkmarx, with GitHub commits used as a fallback exfiltration method.

The threat actor suspected to be behind this attack is TeamPCP, also linked to the broader Checkmarx supply chain campaign. OX Security identified the string “Shai-Hulud: The Third Coming” in the package, suggesting this could be the next phase of a supply chain attack campaign that emerged last year. Interestingly, the malware was designed to quit execution on systems with a Russian locale, suggesting possible ideological motivations or operational security measures. Socket noted that shared tooling suggests a connection to the same malware ecosystem, but operational signatures differ, indicating either a different operator using shared infrastructure or a splinter group.

This incident highlights the cascading nature of modern supply chain attacks – a single compromised developer package can become the entry point for broader organisational compromise. With attackers gaining persistent workflow injection access to every CI/CD pipeline the developer’s token can reach, the blast radius extends far beyond the initial infection. The fact that npm trusted publishing was compromised for the first time marks a concerning evolution in supply chain attack techniques, demonstrating that even established security mechanisms are not immune to sophisticated adversaries.

Click here for the original article.