TeamPCP Campaign Spreads to npm via a Hijacked Bitwarden CLI

From:

Kill Chain:

The root package.json advertises @bitwarden/cli version 2026.4.0, while the embedded application metadata in build/bw.js still references 2026.3.0. That mismatch strongly suggests the malicious packaging layer was added on top of an older legitimate Bitwarden CLI release rather than being produced through the normal vendor build pipeline.

Operationally, the infection flow is simple:

  1. A victim installs or runs @bitwarden/cli version 2026.4.0

  2. npm executes preinstall, which runs bw_setup.js

  3. The loader downloads Bun from GitHub if needed

  4. Bun runs the malicious payload

  5. The payload steals local, CI, GitHub, and cloud secrets

  6. The result set is encrypted and sent to audit[.]checkmarx[.]cx

  7. If that path fails, the malware pivots to GitHub-based fallback channels

Remediation:

If @bitwarden/cli version 2026.4.0 was installed, responders should assume developer and cloud credentials exposed on that host are compromised.

Immediate containment:

npm uninstall -g @bitwarden/cli
npm cache clean --force
npm config set ignore-scripts true

Search for loader artifacts and downloaded Bun runtime in working directories where the package may have executed:

rg -n "audit\\.checkmarx\\.cx|LongLiveTheResistanceAgainstMachines|beautifulcastle" .
ls -la bun bun.exe bw1.js bw_setup.js 2>/dev/null

Review and rotate likely exposed secrets:

gh auth logout
npm token list
aws configure list

Additional response actions:

  • Revoke all GitHub PATs present on affected systems

  • Rotate npm tokens and invalidate CI publishing tokens

  • Rotate AWS access keys and review access to SSM and Secrets Manager

  • Review Azure Key Vault audit logs and rotate affected secrets

  • Review GCP Secret Manager access logs and rotate affected secrets

  • Inspect GitHub Actions workflows and repository artifacts for unauthorized runs or branches

  • Review shell history and AI tooling configuration files for sensitive data leakage

  • Block audit[.]checkmarx[.]cx and 94[.]154[.]172[.]43 at network egress points

  • Enforce npm script controls where possible, including ignore-scripts for untrusted installs

  • Use JFrog Xray and JFrog Curation to block malicious and hijacked packages before installation

Socket has more information here, linking this to the Checkmarx compromise:

Malicious package overview:

https://socket.dev/npm/package/@bitwarden/cli/overview/2026.4.0

Bitwarden’s official statement:

They have yet to comment on the exact method by which the NPM package was compromised, but we do know this is downstream of Checkmarx, so educated guesses are available.

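As an added illustration of the triage points above (this is not code from the JFrog or Socket write-ups), a small Python script that checks an unpacked @bitwarden/cli install for the declared/embedded version mismatch, the preinstall hook that launches bw_setup.js, the loader artifacts and the IoC strings; the regex for how the version is embedded in build/bw.js and the constructed sample layout are assumptions.

```python
import json
import re
import tempfile
from pathlib import Path

# Indicators taken from the post: hijacked version, loader file names, IoC strings.
BAD_VERSION = "2026.4.0"
LOADER_FILES = ("bun", "bun.exe", "bw1.js", "bw_setup.js")
IOC_RE = re.compile(r"audit\.checkmarx\.cx|LongLiveTheResistanceAgainstMachines|beautifulcastle")
EMBEDDED_VERSION_RE = re.compile(r'"version"\s*:\s*"(\d{4}\.\d+\.\d+)"')  # assumed form in build/bw.js

def triage_package(pkg_dir):
    """Return human-readable findings for the npm package rooted at pkg_dir."""
    pkg_dir = Path(pkg_dir)
    manifest_path = pkg_dir / "package.json"
    if not manifest_path.is_file():
        return ["package.json missing; not an npm package root"]
    manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
    declared = manifest.get("version", "")
    findings = []
    if declared == BAD_VERSION:
        findings.append(f"declared version {declared} is the hijacked release")
    preinstall = manifest.get("scripts", {}).get("preinstall", "")
    if "bw_setup.js" in preinstall:  # the hook that launches the loader
        findings.append(f"preinstall hook runs the loader: {preinstall}")
    bw_js = pkg_dir / "build" / "bw.js"
    if bw_js.is_file():
        m = EMBEDDED_VERSION_RE.search(bw_js.read_text(encoding="utf-8", errors="ignore"))
        if m and m.group(1) != declared:  # older build repackaged under a newer version
            findings.append(f"version mismatch: package.json {declared}, build/bw.js {m.group(1)}")
    for name in LOADER_FILES:
        if (pkg_dir / name).exists():
            findings.append(f"loader artifact present: {name}")
    for path in pkg_dir.rglob("*.js"):
        hit = IOC_RE.search(path.read_text(encoding="utf-8", errors="ignore"))
        if hit:
            findings.append(f"IoC string {hit.group(0)!r} in {path.relative_to(pkg_dir)}")
    return findings

def make_sample_install():
    """Constructed sample mimicking the hijacked layout; not the real package contents."""
    root = Path(tempfile.mkdtemp())
    manifest = {"name": "@bitwarden/cli", "version": BAD_VERSION, "scripts": {"preinstall": "node bw_setup.js"}}
    (root / "package.json").write_text(json.dumps(manifest), encoding="utf-8")
    (root / "build").mkdir()
    (root / "build" / "bw.js").write_text('var meta = {"version": "2026.3.0"};', encoding="utf-8")
    (root / "bw_setup.js").write_text('var c2 = "audit.checkmarx.cx"; // constructed stand-in', encoding="utf-8")
    return root
```

Point triage_package at a real `node_modules/@bitwarden/cli` (or a global npm prefix) to get the findings list; an empty list means none of the listed indicators were found, not that the host is clean.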

This article has a ton of IoCs the JFrog article did not, including a bunch of strings to check for repos made under your account.