Malicious versions of legitimate SAP ecosystem packages (e.g., @cap-js/sqlite, @cap-js/postgres) were created by modifying them to include a preinstall script that executes setup.mjs automatically during npm install. This script downloads the Bun runtime and executes an obfusc...
Source: Wiz
Source Link: https://threats.wiz.io/all-incidents/supply-chain-campaign-targets-sap-npm-packages-with-credential-stealing-malware
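
An added example, not taken from the Wiz report or from the affected packages: a Node.js audit that lists install-time lifecycle hooks across an installed dependency tree and flags any `preinstall` hook that launches a script file, the pattern described above. The sample manifests, the `node setup.mjs` command string, the matching heuristic and the severity labels are constructed assumptions.

```javascript
// Added example: audit installed packages for install-time lifecycle hooks.
// npm runs these script names automatically during `npm install`.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];
// Heuristic (assumption): the hook launches a JS file through node or bun.
const RUNS_SCRIPT_FILE = /\b(node|bun)\b[^;&|]*?([\w./-]+\.(?:mjs|cjs|js))\b/;

// Constructed sample manifests; names, versions and commands are made up.
const CONSTRUCTED_SAMPLES = [
  { name: '@example/tampered', version: '0.0.0', scripts: { preinstall: 'node setup.mjs' } },
  { name: 'example-native', version: '0.0.0', scripts: { install: 'node-gyp rebuild' } },
  { name: 'example-plain', version: '0.0.0', scripts: { test: 'node test.js' } },
];

// Return one finding per install-time hook declared in a parsed package.json.
function auditManifest(manifest) {
  const scripts = (manifest && manifest.scripts) || {};
  const findings = [];
  for (const hook of INSTALL_HOOKS) {
    const command = scripts[hook];
    if (typeof command !== 'string') continue;
    const m = RUNS_SCRIPT_FILE.exec(command);
    const scriptFile = m ? m[2] : null;
    // A preinstall hook that runs a bundled script file gets the highest priority.
    const severity = hook === 'preinstall' && scriptFile ? 'high' : 'review';
    findings.push({ name: manifest.name, version: manifest.version, hook, command, scriptFile, severity });
  }
  return findings;
}

// Walk <root>/node_modules, including scoped (@scope/pkg) and nested trees.
async function scanNodeModules(root) {
  const fs = await import('node:fs');
  const path = await import('node:path');
  const out = [];
  const visit = (dir) => {
    if (!fs.existsSync(dir)) return;
    for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
      if (!entry.isDirectory()) continue;
      const full = path.join(dir, entry.name);
      if (entry.name.startsWith('@')) { visit(full); continue; } // scope directory
      try {
        const raw = fs.readFileSync(path.join(full, 'package.json'), 'utf8');
        out.push(...auditManifest(JSON.parse(raw)));
      } catch { /* missing or invalid manifest: nothing to audit */ }
      visit(path.join(full, 'node_modules'));
    }
  };
  visit(path.join(root, 'node_modules'));
  return out;
}
```

Call `scanNodeModules(process.cwd())` from a project root to audit a real tree. Installing with `npm install --ignore-scripts` keeps lifecycle hooks from running in the first place.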