@bitwarden/cli@2026.4.0 — the official command-line interface for the Bitwarden password manager — was found compromised on npm. A malicious preinstall hook silently bootstraps the Bun JavaScript runtime and launches a 9.7 MB obfuscated credential stealer that targets developer secrets, GitHub Actions environments, and — explicitly — AI coding tool configurations including ~/.claude.json and MCP server configs. All stolen data is encrypted with AES-256-GCM and exfiltrated to audit.checkmarx.cx, a domain impersonating the legitimate security company Checkmarx. When GitHub tokens are found, the malware weaponizes them to inject malicious workflows into repositories and extract CI/CD secrets — turning a single compromised developer machine into a supply chain attack pivot point.

StepSecurity

The @bitwarden/cli@2026.4.0 npm package was found compromised with a malicious preinstall hook that silently installs the Bun JavaScript runtime and executes a 9.7 MB obfuscated credential stealer. The malware targets developer secrets, GitHub Actions tokens, CI/CD secrets, and AI coding tool configurations including ~/.claude.json and MCP server configs. Stolen data is AES-256-GCM encrypted and exfiltrated to a domain impersonating Checkmarx. If GitHub tokens are found, the malware injects malicious workflows into repositories, turning a single compromised machine into a supply chain attack pivot. The post also briefly covers two related incidents: a two-stage credential stealer in the xinference PyPI package and compromised pgserve npm versions exfiltrating to a decentralized ICP canister.

Bitwarden CLI Hijacked on npm: Bun-Staged Credential Stealer Targets Developers, GitHub Actions, and AI Tools