Socket has confirmed that Bitwarden CLI version 2026.4.0 was compromised as part of the ongoing Checkmarx supply chain campaign, exposing millions of users and thousands of enterprises to credential theft and CI/CD pipeline infiltration.
The attack targeted @bitwarden/cli 2026.4.0 on npm, injecting a malicious file named bw1.js into the package contents. Bitwarden CLI is used by over 10 million users and 50,000+ businesses, making it one of the highest-impact targets in the campaign to date.
Notably, only the npm CLI package was affected. Bitwarden’s Chrome extension, MCP server, and other official distribution channels remain uncompromised.
Attackers exploited a compromised GitHub Action within Bitwarden’s CI/CD pipeline, the same supply chain vector identified in the broader Checkmarx campaign documented by Socket researchers.
The malicious bw1.js payload shares core infrastructure with the previously analyzed mcpAddon.js, including an identical C2 endpoint (audit.checkmarx[.]cx/v1/telemetry) obfuscated via __decodeScrambled with seed 0x3039.
The payload employed a sophisticated multi-stage architecture:
- Credential harvesting targeting GitHub tokens via Runner.Worker memory scraping, AWS credentials from ~/.aws/, Azure tokens via azd, GCP credentials via gcloud, npm tokens from .npmrc, SSH keys, and Claude/MCP configuration files
- GitHub exfiltration by creating public repositories under victim accounts using Dune-themed naming conventions ({word}-{word}-{3digits}), with encrypted results committed and tokens embedded in commit messages
- Supply chain propagation through npm token theft to identify writable packages and republish them with injected preinstall hooks, alongside GitHub Actions workflow injection to capture repository secrets
- Shell persistence by injecting payloads into ~/.bashrc and ~/.zshrc
- Russian locale kill switch that exits silently if the system locale begins with “ru”
The payload runs on Bun v1.3.13, downloaded directly from GitHub releases.
While the shared tooling links this attack to the Checkmarx malware ecosystem, several indicators suggest a different — or evolved — operator. The malicious payload carries explicit ideological branding: repository descriptions reference “Shai-Hulud: The Third Coming,” debug strings invoke “Butlerian Jihad,” and commit messages proclaim resistance against machines.
This contrasts sharply with the earlier Checkmarx campaign, which used deceptive but neutral-looking descriptions. Socket researchers note this could indicate a splinter group, a different operator sharing infrastructure, or a deliberate shift in the campaign’s posture.
Organizations that installed the compromised package should treat this as a full credential exposure event. Immediate steps include:
- Remove the affected package from all developer systems and build environments
- Rotate all potentially exposed credentials — GitHub tokens, npm tokens, cloud credentials, SSH keys, and CI/CD secrets
- Audit GitHub for unauthorized repository creation, unexpected workflow files under .github/workflows/, and Dune-themed staging repositories
- Hunt for the persistence lock file at /tmp/tmp.987654321.lock and unauthorized modifications to shell profiles
- Monitor for outbound connections to audit.checkmarx[.]cx and unusual Bun runtime execution
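The host-side hunt steps above (lock file, shell profile tampering, installed package version, injected bw1.js) can be scripted for triage across developer machines. The following is an added example written for this article, not Socket's or Bitwarden's tooling; it assumes the IOCs exactly as listed on this page and builds its own constructed sample tree in a temp directory, so a real run would pass the user's home directory and /tmp instead.

```python
import json
import re
import tempfile
from pathlib import Path

BAD_PACKAGE, BAD_VERSION, BAD_FILE = "@bitwarden/cli", "2026.4.0", "bw1.js"
LOCK_FILE = "tmp.987654321.lock"  # persistence marker named in the report
# C2 host (written de-fanged in the report) or any Bun reference; Bun hits need review
PROFILE_RE = re.compile(r"audit\.checkmarx\.cx|\bbun\b", re.I)


def hunt(home: Path, tmp_dir: Path) -> list:
    """Return IOC findings for a home/checkout tree plus the temp dir; [] means clean."""
    findings = []
    if (tmp_dir / LOCK_FILE).exists():
        findings.append(f"lock file present: {tmp_dir / LOCK_FILE}")
    for prof in (home / ".bashrc", home / ".zshrc"):
        if not prof.is_file():
            continue
        for n, line in enumerate(prof.read_text(errors="ignore").splitlines(), 1):
            if PROFILE_RE.search(line):
                findings.append(f"shell profile {prof.name}:{n}: {line.strip()[:80]}")
    for pkg_json in home.rglob(f"node_modules/{BAD_PACKAGE}/package.json"):
        try:
            version = json.loads(pkg_json.read_text()).get("version")
        except (json.JSONDecodeError, OSError, AttributeError):
            version = None
        if version == BAD_VERSION:
            findings.append(f"compromised version installed: {pkg_json.parent}")
        if (pkg_json.parent / BAD_FILE).exists():
            findings.append(f"malicious file present: {pkg_json.parent / BAD_FILE}")
    return findings


def demo(infected: bool = True) -> list:
    """Build a constructed sample tree in a fresh temp dir and run hunt() over it."""
    base = Path(tempfile.mkdtemp())
    home, tmp = base / "home", base / "tmp"
    pkg = home / "proj" / "node_modules" / "@bitwarden" / "cli"
    pkg.mkdir(parents=True)
    tmp.mkdir()
    version = BAD_VERSION if infected else "0.0.0-clean"  # constructed clean version
    (pkg / "package.json").write_text(json.dumps({"name": BAD_PACKAGE, "version": version}))
    if infected:
        (tmp / LOCK_FILE).touch()
        (pkg / BAD_FILE).write_text("// constructed placeholder, not the real payload\n")
        (home / ".zshrc").write_text('export PATH="$HOME/.bun/bin:$PATH"\n')
    return hunt(home, tmp)
```

Bun references in shell profiles are flagged for review rather than as confirmed compromise, since developers may legitimately use Bun; the lock file and bw1.js matches are the high-confidence signals.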
Long-term hardening should include locking down token scopes, enforcing short-lived credentials, restricting package publish permissions, and hardening GitHub Actions with least-privilege configurations.
IOC Summary
| Indicator | Details |
|---|---|
| Malicious Package | @bitwarden/cli 2026.4.0 |
| Malicious File | bw1.js |
| C2 Endpoint | audit.checkmarx[.]cx/v1/telemetry |
| Lock File | /tmp/tmp.987654321.lock |
| Staging Repo Pattern | {word}-{word}-{3digits} |
Socket’s security research team continues to investigate the full scope of the campaign. Organizations are urged to treat any exposure to this package version as a confirmed incident until further analysis is complete.
The post Bitwarden CLI Compromised in Supply Chain Attack via GitHub Actions appeared first on Cyber Security News.
