Bitwarden CLI npm package 2026.4.0 was injected with credential-harvesting malware via a compromised GitHub Action, part of the broader Checkmarx supply chain campaign.
Key Takeaways
Malicious bw1.js shares C2 infrastructure (audit.checkmarx[.]cx/v1/telemetry) and gzip+base64 payload structure with the earlier Checkmarx mcpAddon.js attack.
Harvests GitHub tokens, AWS/Azure/GCP credentials, npm tokens, SSH keys, and Claude/MCP config files by scraping Runner.Worker process memory and environment variables.
Exfiltrates via Dune-themed public GitHub repos and npm token republishing; uses Bun v1.3.13 runtime downloaded from GitHub releases at install time.
Russian locale kill switch exits silently; Shai-Hulud/Butlerian Jihad branding embedded in the payload suggests a different operator or splinter group reusing Checkmarx infrastructure.
Only @bitwarden/cli 2026.4.0 npm package is confirmed compromised; Chrome extension, MCP server, and other Bitwarden distributions are unaffected.
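A defender-side check for the indicators listed above, added here as an example and not part of the original write-up or of Bitwarden's tooling. It flags the confirmed-compromised @bitwarden/cli 2026.4.0 pin in a package-lock.json (lockfile v1 and v2/v3 layouts) and looks for the dropped bw1.js filename and the plaintext C2 hostname in package files; since the payload is gzip+base64 encoded, the version pin is the reliable signal and the string match is only a bonus. The sample lock and file contents are constructed, not real artefacts.

```python
import os

# Indicators from the write-up above; the C2 domain is kept defanged in source.
BAD_PACKAGE = "@bitwarden/cli"
BAD_VERSION = "2026.4.0"
BAD_FILE = "bw1.js"
C2_INDICATOR = "audit.checkmarx[.]cx".replace("[.]", ".").encode()

def find_bad_lock_entries(lock: dict) -> list[str]:
    """Keys in a parsed package-lock.json that pin @bitwarden/cli to 2026.4.0.
    Supports lockfileVersion 2/3 ("packages") and v1 (nested "dependencies")."""
    hits = []
    if "packages" in lock:  # v2/v3: keys look like "node_modules/@bitwarden/cli"
        for key, meta in lock["packages"].items():
            if key.endswith("node_modules/" + BAD_PACKAGE) and meta.get("version") == BAD_VERSION:
                hits.append(key)
        return hits
    def walk(deps: dict, path: str) -> None:  # v1: recurse the dependency tree
        for name, meta in deps.items():
            if name == BAD_PACKAGE and meta.get("version") == BAD_VERSION:
                hits.append(path + name)
            walk(meta.get("dependencies", {}), path + name + " > ")
    walk(lock.get("dependencies", {}), "")
    return hits

def scan_files(files: dict[str, bytes]) -> list[str]:
    """Flag files named bw1.js and any file containing the plaintext C2 hostname.
    `files` maps path -> contents, so it can be fed from os.walk or from memory."""
    findings = []
    for path, data in files.items():
        if os.path.basename(path) == BAD_FILE:
            findings.append("dropped-file name: " + path)
        if C2_INDICATOR in data:
            findings.append("C2 indicator: " + path)
    return findings

# Constructed sample inputs (not real artefacts) on which both checks fire.
SAMPLE_LOCK = {"lockfileVersion": 3, "packages": {
    "": {"name": "demo-project"},
    "node_modules/@bitwarden/cli": {"version": "2026.4.0"},
    "node_modules/left-pad": {"version": "1.3.0"}}}
SAMPLE_FILES = {
    "node_modules/@bitwarden/cli/bw1.js": b"const u = 'https://" + C2_INDICATOR + b"/v1/telemetry';",
    "node_modules/left-pad/index.js": b"module.exports = function leftPad() {};"}
```

To run this against a real checkout, pass `json.load(open("package-lock.json"))` to find_bad_lock_entries and build the scan_files mapping from os.walk over node_modules.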
Hacker News Comment Review
Strong consensus that shipping a security CLI in JS/npm is an architectural risk; multiple commenters recommended rbw (Rust), pass, and gopass as alternatives with smaller dependency trees.
The Russian locale kill switch drew pointed reactions; the overt Dune ideological branding is seen as a notable shift from the deceptive-but-neutral posture of the earlier Checkmarx campaign.
A separate practical concern surfaced: bw list writes full credentials, including live TOTP codes, to stdout, an independent accidental-exposure vector unrelated to this supply-chain compromise.
Notable Comments
@Scene_Cast2: Chrome extension recently caused browser grinding via mojo IPC message spam; questions whether the anomaly is related to this compromise.