bw_setup.js that checks if the bun package manager is installed and then uses it to execute bw1.js. If bun doesn't exist, it is downloaded and installed from GitHub.

According to an analysis by security firm JFrog, the malicious payload is designed to detect and collect a broad range of credentials and access tokens from the filesystem, shell environment variables, and GitHub Actions configurations. Targeted credentials include GitHub and npm tokens, AWS and GCP credentials, API keys from MCP and AI agent configurations, Git credentials, SSH keys, and more.

If GitHub tokens are found, the malicious code automatically weaponizes them by contacting api.github.com/user and trying several escalation paths, including executing GitHub Actions and listing secrets from their workflows. "This is not passive credential theft," the JFrog researchers said. "It is a secondary access mechanism built to extract more secret material from GitHub-hosted automation environments."
Remediation: Users who determined that their Bitwarden CLI installation was updated to the malicious 2026.4.0 version should assume that developer and cloud credentials present on their machine have been compromised and rotate them immediately. The goal of this attacker group is to gather credentials that would enable additional software supply chain attacks.

After uninstalling the malicious version, clearing the npm cache, and deleting bw1.js and bw_setup.js from the system, the JFrog researchers recommend:
- Revoking all GitHub PATs present on affected systems
- Rotating npm tokens and invalidating CI publishing tokens
- Rotating AWS access keys and reviewing access to SSM and Secrets Manager
- Reviewing Azure Key Vault audit logs and rotating affected secrets
- Reviewing GCP Secret Manager access logs and rotating affected secrets
- Inspecting GitHub Actions workflows and repository artifacts for unauthorized runs or branches
- Reviewing shell history and AI tooling configuration files for sensitive data leakage
- Blocking audit[.]checkmarx[.]cx and 94[.]154[.]172[.]43 at network egress points
- Enforcing npm script controls where possible, including ignore-scripts for untrusted installs
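As an added triage helper (constructed for this page, not JFrog's or Bitwarden's code), the POSIX shell functions below check an installed package directory for the indicators the article names (version 2026.4.0 and the dropped bw1.js / bw_setup.js files) and check an .npmrc for the ignore-scripts control recommended above. The package directory and .npmrc paths are assumptions supplied by the caller.

```shell
#!/usr/bin/env sh
# Constructed triage helper; not JFrog's or Bitwarden's tooling.
# Checks an installed package directory for the indicators the article
# names (version 2026.4.0, dropped bw1.js / bw_setup.js) and checks an
# .npmrc for the ignore-scripts control recommended in the remediation list.
# Assumption: $1 is the package directory (e.g. the @bitwarden/cli folder
# under `npm root -g`) containing a package.json; no paths are hard-coded.

MALICIOUS_VERSION="2026.4.0"

# Print the "version" field of $1/package.json (empty if absent).
pkg_version() {
    [ -r "$1/package.json" ] || return 0
    sed -n 's/.*"version"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' \
        "$1/package.json" | head -n 1
}

# Return 0 if any indicator is present in directory $1, 1 if none.
# Each finding is printed on its own line for the incident record.
check_bw_install() {
    dir="$1"
    hit=1
    ver=$(pkg_version "$dir")
    if [ "$ver" = "$MALICIOUS_VERSION" ]; then
        echo "INDICATOR: package.json version $ver in $dir"
        hit=0
    fi
    for f in bw1.js bw_setup.js; do
        found=$(find "$dir" -type f -name "$f" 2>/dev/null | head -n 1)
        if [ -n "$found" ]; then
            echo "INDICATOR: dropped file $found"
            hit=0
        fi
    done
    return $hit
}

# Return 0 if the .npmrc at $1 enforces ignore-scripts=true, 1 otherwise.
npmrc_ignores_scripts() {
    [ -r "$1" ] || return 1
    grep -Eq '^[[:space:]]*ignore-scripts[[:space:]]*=[[:space:]]*true[[:space:]]*$' "$1"
}

# Stand-alone use (global install path is an assumption):
# check_bw_install "$(npm root -g)/@bitwarden/cli" && echo "ROTATE CREDENTIALS"
# npmrc_ignores_scripts "$HOME/.npmrc" || echo "ignore-scripts not enforced"
```

A hit from check_bw_install means the host should be treated as compromised and every credential class in the list above rotated, not just the Bitwarden install removed.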
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4162865/bitwarden-cli-password-manager-trojanized-in-supply-chain-attack.html

