
Supply Chain Campaign Targets SAP npm Packages with Credential-Stealing Malware

ID: 079a888b-6d5b-5971-acad-a6a0c16cc014

STIX ID: report--079a888b-6d5b-5971-acad-a6a0c16cc014

Feed Name: Wiz Blog

Threat Score: 85/100

Date Published: 2026-04-29

Date Updated: 2026-05-01


A TeamPCP supply-chain campaign dubbed “Mini Shai Hulud” compromised multiple SAP-related npm packages by adding preinstall scripts that deploy a Bun-based dropper and an obfuscated second-stage credential stealer. The stealer targets developer machines and CI/CD pipelines to harvest GitHub, npm, cloud, Kubernetes, and CI secrets, exfiltrate them via attacker-controlled GitHub repositories, and propagate to other repositories and developer tools. The report includes IOCs (malicious files and hashes), attribution evidence, and immediate mitigations (search/rotate credentials, audit GitHub activity).
