Full Report
Bitwarden CLI has been compromised as part of the newly discovered and ongoing Checkmarx supply chain campaign, according to new findings from Socket. "The affected package version appears to be @bitwarden/cli@2026.4.0, and the malicious code was published in 'bw1.js,' a file included in the package contents," the application security company said. "The attack appears to have leveraged a
Analysis Summary
# Incident Report: Bitwarden CLI Supply Chain Compromise
## Executive Summary
The Bitwarden CLI (Command Line Interface) was compromised as part of a larger ongoing supply chain campaign targeting open-source ecosystems. Attackers gained access to Bitwarden’s CI/CD pipeline via compromised GitHub Actions to inject malicious code into a legitimate package version. The incident resulted in the distribution of malware designed to harvest sensitive developer credentials and secrets from downstream users.
## Incident Details
- **Discovery Date:** April 23, 2026
- **Incident Date:** April 2026 (Ongoing campaign)
- **Affected Organization:** Bitwarden (via npm package `@bitwarden/cli`)
- **Sector:** Information Technology / Cybersecurity Tools
- **Geography:** Global
## Timeline of Events
### Initial Access
- **Date/Time:** April 2026
- **Vector:** Compromised GitHub Actions workflow / stolen GitHub tokens
- **Details:** Threat actors (suspected TeamPCP) leveraged stolen GitHub tokens to hijack Bitwarden’s CI/CD pipeline.
### Lateral Movement
- **Details:** Attackers injected a malicious GitHub Actions workflow into the Bitwarden repository. This workflow was used to capture secrets available to the runner and utilize stolen npm credentials to publish a backdoored version of the software.
### Data Exfiltration/Impact
- **Details:** The malicious package (`@bitwarden/cli@2026.4.0`) contained a file named `bw1.js`. This script was programmed to steal:
  - GitHub and npm tokens
  - SSH keys (`.ssh` directory)
  - Environment variables (`.env` files)
  - Shell history
  - Cloud provider secrets
### Detection & Response
- **Discovery:** Identified by security researchers at Socket and JFrog as part of the "Checkmarx supply chain campaign."
- **Response Actions:** The rogue package version was pulled from the npm registry. The suspected threat actor's social media presence was suspended.
## Attack Methodology
- **Initial Access:** Stolen GitHub personal access tokens (PATs).
- **Persistence:** Injection of new GitHub Actions workflows into legitimate repositories.
- **Privilege Escalation:** Harvesting high-privilege CI/CD secrets (npm publish tokens).
- **Defense Evasion:** Embedding malicious code (`bw1.js`) within a legitimate package release to appear as a standard update.
- **Credential Access:** Automated scraping of `.env`, `.ssh`, and shell history files.
- **Discovery:** Scanning for localized environment secrets and cloud configuration files.
- **Lateral Movement:** N/A (Method focused on downstream supply chain infection).
- **Collection:** Gathering development environment metadata and authentication assets.
- **Exfiltration:** Data sent to private attacker-controlled domains and committed back to GitHub repositories.
- **Impact:** Compromise of downstream developer environments and potential for further supply chain pivoting.
## Impact Assessment
- **Financial:** Undisclosed; costs associated with incident response and potential breach of secondary targets.
- **Data Breach:** Exposure of highly sensitive developer credentials, private keys, and cloud secrets.
- **Operational:** Temporary disruption of the Bitwarden CLI distribution; requirement for users to audit and rotate all secrets.
- **Reputational:** High impact due to Bitwarden's status as a security/password management provider.
## Indicators of Compromise
- **File Indicators:** `bw1.js` (included in npm package contents)
- **Affected Version:** `@bitwarden/cli@2026.4.0`
- **Behavioral Indicators:** Unexpected outbound network traffic from CLI tools to unknown domains; unauthorized GitHub commits containing sensitive files.
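The two indicators above (the affected version and the `bw1.js` file) can be checked mechanically across a fleet of developer machines and CI runners before deciding who needs to rotate secrets. The following script is an added example written for this report; it is not code from Bitwarden, Socket or JFrog. It reads an npm `package-lock.json` (lockfileVersion 1, 2 or 3 layouts) and walks an installed `node_modules` tree, flagging the affected version and any `bw1.js` inside the `@bitwarden/cli` package directory. The embedded lockfile is a constructed sample; `example-app` and `example-dep` are placeholder names.

```python
"""Defender-side IoC check for the @bitwarden/cli 2026.4.0 compromise (added example)."""
import json
import os

AFFECTED_PACKAGE = "@bitwarden/cli"
AFFECTED_VERSIONS = {"2026.4.0"}      # version named in the report
SUSPICIOUS_FILES = {"bw1.js"}         # file indicator named in the report

# Constructed sample package-lock.json (lockfileVersion 3 layout).
# "example-app" and "example-dep" are placeholders, not real packages.
CONSTRUCTED_LOCK_V3 = json.dumps({
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app", "version": "1.0.0"},
        "node_modules/@bitwarden/cli": {"version": "2026.4.0"},
        "node_modules/example-dep": {"version": "1.2.3"},
    },
})


def _is_affected(name, meta):
    return name == AFFECTED_PACKAGE and meta.get("version") in AFFECTED_VERSIONS


def lockfile_findings(lock_text):
    """Return 'install-path: name@version' strings for affected entries in a lockfile."""
    lock = json.loads(lock_text)
    findings = []
    packages = lock.get("packages")
    if packages is not None:
        # lockfileVersion 2/3: flat map keyed by install path, e.g. "node_modules/@scope/pkg"
        for path, meta in packages.items():
            name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
            if _is_affected(name, meta):
                findings.append(f"{path}: {name}@{meta['version']}")
        return findings

    # lockfileVersion 1: nested "dependencies" tree
    def walk(deps, prefix):
        for name, meta in deps.items():
            if _is_affected(name, meta):
                findings.append(f"{prefix}{name}: {name}@{meta['version']}")
            walk(meta.get("dependencies", {}), f"{prefix}{name}/node_modules/")

    walk(lock.get("dependencies", {}), "node_modules/")
    return findings


def suspicious_paths(relative_paths):
    """Flag IoC file names that sit inside the affected package's directory."""
    pkg_parts = AFFECTED_PACKAGE.split("/")
    hits = []
    for rel in relative_paths:
        parts = rel.replace(os.sep, "/").split("/")
        # require the exact "@bitwarden/cli" directory pair, not a substring match
        inside_pkg = any(parts[i:i + len(pkg_parts)] == pkg_parts for i in range(len(parts) - 1))
        if inside_pkg and parts[-1] in SUSPICIOUS_FILES:
            hits.append(rel)
    return hits


def scan_node_modules(root):
    """Walk an installed node_modules tree and return suspicious relative paths."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            found.append(os.path.relpath(os.path.join(dirpath, name), root))
    return suspicious_paths(found)


if __name__ == "__main__":
    # Check the constructed lockfile and, if present, the local node_modules tree.
    for finding in lockfile_findings(CONSTRUCTED_LOCK_V3):
        print("affected version in lockfile:", finding)
    if os.path.isdir("node_modules"):
        for hit in scan_node_modules("node_modules"):
            print("IoC file present:", hit)
```

A lockfile hit means the version was resolved for that project even if `node_modules` has since been cleaned, so both checks are worth running; a hit on either is the trigger for the secret rotation described in the recommendations.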
## Response Actions
- **Containment:** Removal of the malicious package version from the npm registry.
- **Eradication:** Revocation of compromised CI/CD tokens and GitHub Actions workflows.
- **Recovery:** Restoration of verified build pipelines; suspension of associated threat actor accounts (TeamPCP).
## Lessons Learned
- **Key Takeaways:** CI/CD pipelines remain a primary target for high-impact supply chain attacks. Stolen static tokens (PATs) provide a path of least resistance for attackers.
- **Gap Analysis:** Lack of hardware-based MFA or restrictive IP scoping on publishing tokens likely allowed the external push of the malicious package.
## Recommendations
- **MFA for CI/CD:** Implement mandatory Multi-Factor Authentication for all npm and GitHub accounts.
- **Short-Lived Tokens:** Transition from static Personal Access Tokens to short-lived, environment-specific credentials (e.g., GitHub OIDC).
- **Build Integrity:** Implement code signing and "Reproducible Builds" to ensure the published artifact matches the source code.
- **Secret Rotation:** Users who installed version `2026.4.0` must immediately rotate all SSH keys, cloud secrets, and API tokens stored on their machines.