The Bitwarden CLI has been targeted in a significant supply chain attack following the Checkmarx campaign. Attackers managed to inject malicious code into version 2026.4.0, designed to steal developer secrets, cloud credentials, and GitHub tokens.
A high-profile supply chain attack has hit the Bitwarden CLI (Command Line Interface), specifically affecting version 2026.4.0 distributed via npm. Security researchers from JFrog, Socket, and Checkmarx discovered that a malicious file, 'bw1.js,' was embedded in the package using a preinstall hook. This compromise originated from a hijacked GitHub Action in Bitwarden's CI/CD pipeline, allowing threat actors to distribute the rogue version during a short window on April 22, 2026.
The malware is exceptionally capable, featuring a multi-cloud credential harvester. It specifically targets developer environments to steal GitHub and npm tokens, SSH keys, .env files, and shell history. Furthermore, it seeks out configurations for AI coding assistants like Claude, Cursor, and Aider. Once collected, the data is encrypted with AES-256-GCM and exfiltrated to attacker-controlled domains or public GitHub repositories using a 'dead-drop' method to evade detection.
Bitwarden has confirmed that while the distribution mechanism was compromised, end-user vault data and production systems remain secure. The malicious package was available for approximately 90 minutes before being revoked. Users who downloaded version 2026.4.0 are urged to immediately uninstall it, clear their npm cache, and rotate all secrets—including cloud credentials and GitHub tokens—that were accessible on the affected systems. Bitwarden has released version 2026.4.1 as a safe replacement to restore service integrity.
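For teams checking whether the compromised release landed on a build host or developer machine, the indicators the article gives (version 2026.4.0 of the CLI, a preinstall hook that runs a file named 'bw1.js') are enough to write a small scanner. The following is an added example, not code from Bitwarden or from the researchers cited above. It assumes the CLI is installed under its npm name `@bitwarden/cli`; the sample directory tree it builds and the exact shape of the preinstall script line are constructed for the demonstration.

```python
"""Scan a node_modules tree for the compromised Bitwarden CLI release.

Indicators taken from the advisory text: package version 2026.4.0 and a
preinstall lifecycle hook that runs a file named bw1.js. The sample tree
built by build_sample_tree() is constructed for this example only.
"""
import json
import os
import tempfile
from pathlib import Path

AFFECTED_PACKAGE = "@bitwarden/cli"   # npm name of the Bitwarden CLI (assumed)
AFFECTED_VERSION = "2026.4.0"         # version named in the advisory
SUSPICIOUS_HOOK_FILE = "bw1.js"       # file embedded via the preinstall hook


def inspect_package(package_json: Path) -> list:
    """Return a list of findings for one package.json (empty means clean)."""
    findings = []
    try:
        meta = json.loads(package_json.read_text(encoding="utf-8"))
    except (OSError, ValueError):
        return findings  # unreadable or not JSON: nothing to report
    name = meta.get("name", "")
    version = meta.get("version", "")
    scripts = meta.get("scripts") or {}
    if name == AFFECTED_PACKAGE and version == AFFECTED_VERSION:
        findings.append(f"{package_json}: {name}@{version} is the compromised release")
    # Any lifecycle hook that invokes the dropped file is suspicious on its own,
    # even if the version string was tampered with.
    for hook in ("preinstall", "install", "postinstall"):
        cmd = scripts.get(hook, "")
        if SUSPICIOUS_HOOK_FILE in cmd:
            findings.append(f"{package_json}: {hook} hook runs {SUSPICIOUS_HOOK_FILE}: {cmd}")
    # The hook file sitting next to package.json is a third, independent indicator.
    payload = package_json.parent / SUSPICIOUS_HOOK_FILE
    if payload.exists():
        findings.append(f"{payload}: hook payload present on disk")
    return findings


def scan_tree(root: Path) -> list:
    """Walk a node_modules tree (or npm global root) and collect all findings."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if "package.json" in filenames:
            findings.extend(inspect_package(Path(dirpath) / "package.json"))
    return findings


def build_sample_tree(base: Path) -> Path:
    """Constructed sample: one clean package and one matching all three indicators."""
    clean = base / "node_modules" / "left-pad"
    clean.mkdir(parents=True)
    (clean / "package.json").write_text(json.dumps({"name": "left-pad", "version": "1.3.0"}))
    bad = base / "node_modules" / "@bitwarden" / "cli"
    bad.mkdir(parents=True)
    (bad / "package.json").write_text(json.dumps({
        "name": AFFECTED_PACKAGE,
        "version": AFFECTED_VERSION,
        "scripts": {"preinstall": "node bw1.js"},   # hook shape assumed for the example
    }))
    (bad / SUSPICIOUS_HOOK_FILE).write_text("// placeholder standing in for the dropped file\n")
    return base / "node_modules"


def demo() -> list:
    """Build the sample tree in a temp dir and return the scanner's findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_tree(build_sample_tree(Path(tmp)))


if __name__ == "__main__":
    # Real use: python scan.py, then point scan_tree() at `npm root -g` or a project's node_modules.
    for finding in demo():
        print(finding)
```

On a real host, call `scan_tree(Path(subprocess.check_output(["npm", "root", "-g"], text=True).strip()))` instead of `demo()`; a non-empty result is the cue to follow the remediation above (uninstall, clear the npm cache, rotate every secret the machine could reach), since the scanner only confirms exposure and does not undo it.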
TAGS:
#Bitwarden
#Supply Chain Attack
#npm Security