According to StepSecurity, @bitwarden/cli@2026.4.0, the official Bitwarden CLI, was found compromised on npm: a malicious preinstall hook silently bootstraps the Bun runtime and launches a 9.7 MB obfuscated credential stealer targeting developer secrets, GitHub Actions environments, and AI tool configurations such as ~/.claude[.]json and MCP server configs.
The stolen data is encrypted with AES-256-GCM and exfiltrated to audit.checkmarx[.]cx, a domain impersonating Checkmarx. When GitHub tokens are present, the malware uses them to inject malicious workflows and extract CI/CD secrets, turning a single compromised machine into a pivot point for a wider supply chain attack.
In a controlled test, Harden Runner blocked the outbound connection, stopping exfiltration at the network layer. The attack chain includes a Bun runtime download from github[.]com/oven-sh/bun/releases, a multi-target credential harvester, and explicit targeting of AI tool credentials; one indicator of compromise is a version mismatch between package[.]json and the embedded metadata. Disclosures dated 23 April 2026 list remediation steps including downgrading to 2026.3.0 and rotating all credentials.