Bitwarden CLI Hijack: Malicious Package Targets Crypto Wallets, Developer Secrets in Supply Chain Attack
April 23, 2026
A compromised Bitwarden CLI release (version 2026.4.0) came via a hijacked GitHub Action, delivering a malicious npm package that exfiltrated crypto wallet data and developer secrets during installation.
The payload harvests credentials from multiple sources, including GitHub tokens, AWS, Azure, GCP and npm configs, SSH keys, and environment variables, and exfiltrates them using the GitHub API and npm registry tokens.
Bitwarden said the malicious package was contained within roughly 90 minutes on April 22, with no evidence of end-user vault data or production systems being compromised, and remediation steps have been implemented.
New indicators include a hardcoded lock file, shell profile persistence, branding in the malware, and commit-message patterns tied to the attacker’s ideology.
The broader activity from TeamPCP targets crypto wallet data, including MetaMask, Phantom, and Solana wallet files, signaling a focus on high-value assets.
Attribution remains difficult; overlaps in tooling suggest ties to the same malware ecosystem, with possible evolution or factional splits hinted by Shai-Hulud-themed storytelling.
Bitwarden confirms that data stored in end-user vaults was not affected and that no production systems were compromised.
Defenders were advised to block the domain audit.checkmarx.cx and the IP 94.154.172.43 at the firewall; the 2026.3.0 release remains safe, while 2026.4.0 is the affected release.
Attackers used impersonation of Bitwarden to gain trust; AI-injection represents a novel capability to manipulate AI context windows for credential theft.
C2 infrastructure relies on audit.checkmarx.cx/v1/telemetry as the primary channel, with fallback through GitHub commit-message searches and data drops in public repos.
This incident is part of the broader, ongoing Checkmarx supply-chain campaign, which spans multiple security tools and CI/CD pipelines.
Indicators of compromise include network IOCs, covert GitHub channels, injected workflows, and filesystem traces to aid detection and remediation.
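A defender reading the indicators above will want to sweep developer machines and build agents for them. The script below is an added example, not tooling from Bitwarden or from any of the cited sources: it checks npm lock files for the affected 2026.4.0 release and shell profile files for the domain and IP named in this summary. The npm package name `@bitwarden/cli` is assumed, and the lock file and shell profile it scans are constructed samples so it runs offline.

```python
"""IOC sweep for the Bitwarden CLI indicators named in this summary.

Added example; not tooling from Bitwarden or from any of the cited sources.
Indicators come from the summary above: the affected CLI release 2026.4.0,
the domain audit.checkmarx.cx and the IP 94.154.172.43. The npm package
name "@bitwarden/cli" is assumed; the lock files and shell profile scanned
below are constructed samples so the script runs offline.
"""
import json
import re
import tempfile
from pathlib import Path

AFFECTED_VERSION = "2026.4.0"       # compromised release per the summary
PACKAGE_NAME = "@bitwarden/cli"     # assumed npm package name of the CLI
NETWORK_IOCS = ("audit.checkmarx.cx", "94.154.172.43")
PROFILE_NAMES = (".bashrc", ".zshrc", ".profile", ".bash_profile", ".zprofile")

# Match an indicator only when it is not glued to more host/IP characters,
# so 194.154.172.43 or notaudit.checkmarx.cx does not raise a false alarm.
IOC_PATTERNS = {
    ioc: re.compile(r"(?<![\w.-])" + re.escape(ioc) + r"(?![\w-])")
    for ioc in NETWORK_IOCS
}


def find_affected_cli(lock_text: str) -> list[str]:
    """Return lock-file entries that pin the affected Bitwarden CLI release.

    Handles lockfile v2/v3 ("packages" keyed by node_modules path) and the
    older v1 layout ("dependencies" keyed by package name).
    """
    try:
        lock = json.loads(lock_text)
    except json.JSONDecodeError:
        return []
    hits = []
    suffix = "node_modules/" + PACKAGE_NAME
    for path, meta in lock.get("packages", {}).items():
        if path.endswith(suffix) and meta.get("version") == AFFECTED_VERSION:
            hits.append(path)
    v1 = lock.get("dependencies", {}).get(PACKAGE_NAME, {})
    if v1.get("version") == AFFECTED_VERSION:
        hits.append(PACKAGE_NAME)
    return hits


def find_network_iocs(text: str) -> list[tuple[int, str]]:
    """Return (line_number, indicator) for every line naming a network IOC."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for ioc, pattern in IOC_PATTERNS.items():
            if pattern.search(line):
                hits.append((lineno, ioc))
    return hits


def sweep_directory(root: Path) -> dict[str, list]:
    """Walk root for npm lock files and shell profiles; report what matched."""
    findings: dict[str, list] = {}
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        if path.name == "package-lock.json":
            hits = find_affected_cli(path.read_text())
        elif path.name in PROFILE_NAMES:
            hits = find_network_iocs(path.read_text())
        else:
            continue
        if hits:
            findings[path.relative_to(root).as_posix()] = hits
    return findings


# Constructed samples: a lock file pinning the affected release, a safe one,
# and a shell profile carrying both network indicators.
SAMPLE_LOCK = json.dumps({
    "name": "constructed-project",
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {PACKAGE_NAME: AFFECTED_VERSION}},
        "node_modules/" + PACKAGE_NAME: {"version": AFFECTED_VERSION},
    },
})
SAFE_LOCK = json.dumps({
    "name": "constructed-project",
    "lockfileVersion": 3,
    "packages": {"node_modules/" + PACKAGE_NAME: {"version": "2026.3.0"}},
})
SAMPLE_PROFILE = """# constructed ~/.bashrc used for the demonstration
export PATH="$HOME/bin:$PATH"
alias ll='ls -la'
curl -s https://audit.checkmarx.cx/v1/telemetry >/dev/null 2>&1 &
export TELEMETRY_HOST=94.154.172.43
"""


def demo() -> dict[str, list]:
    """Write the constructed samples to a temporary tree and sweep it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app").mkdir()
        (root / "app" / "package-lock.json").write_text(SAMPLE_LOCK)
        (root / "other").mkdir()
        (root / "other" / "package-lock.json").write_text(SAFE_LOCK)
        (root / ".bashrc").write_text(SAMPLE_PROFILE)
        return sweep_directory(root)


if __name__ == "__main__":
    for location, hits in demo().items():
        print(f"{location}: {hits}")
```

Point `sweep_directory` at a home directory or a CI workspace instead of the temporary tree to run it for real; a hit on the lock file means the affected release was installed and the harvested credentials listed above should be treated as exposed and rotated, and a hit in a shell profile is the persistence trace the summary describes.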
Summary based on 6 sources
Sources

The Hacker News • Apr 23, 2026
Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
Security Boulevard • Apr 23, 2026
Bitwarden CLI Compromise Linked to Ongoing Checkmarx Supply Chain Campaign
Socket • Apr 23, 2026
Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
BeInCrypto • Apr 23, 2026
Bitwarden CLI Supply Chain Attack Puts Crypto Wallet Keys at Risk