Between 11:57 p.m. on April 22 and 1:30 a.m. on April 23 German time (5:57 p.m. to 7:30 p.m. ET), version 2026.4.0 of the npm package @bitwarden/cli was delivered with malicious code. The compromised version stole credentials from the systems it was installed on. Bitwarden emphasizes, however, that end-user data stored in the vault itself is not affected.
As Bitwarden announced in its community forum, its security team has identified and contained the manipulated package. Distribution took place exclusively via npm; anyone who did not obtain the package from npm during the window in question is not affected. The compromised version has since been marked as deprecated and the abused access has been revoked. The incident is part of a larger attack on the Checkmarx supply chain.
Sophisticated credential stealer with fallback mechanisms
Security researchers from JFrog and Socket.dev analyzed the malware in detail. The manipulated package.json contained a preinstall script that automatically executed a loader file called bw_setup.js during installation. The loader downloaded the Bun runtime (version 1.3.13) from GitHub and used it to start an obfuscated JavaScript payload (bw1.js).
The malicious code targeted a wide range of sensitive data: GitHub and npm tokens, SSH keys, shell histories, and AWS, Google Cloud and Azure credentials. GitHub Actions secrets, Git credentials, .env files and even the configuration files of AI tools such as Claude and MCP were also read and sent to the attackers.
Exfiltration went primarily, in encrypted form, to the address audit.checkmarx.cx (IP: 94.154.172.43). As a fallback, the malware used a more elaborate mechanism: stolen GitHub tokens were validated and then used to create exfiltration repositories under the victim's own account. Double-Base64-encoded PATs were hidden in commit messages carrying the marker "LongLiveTheResistanceAgainstMachines".
Immediate countermeasures required
Anyone who installed version 2026.4.0 within the specified time window should act immediately. Bitwarden recommends uninstalling with npm uninstall -g @bitwarden/cli and clearing the npm cache. On affected systems, administrators should look for the artifacts bw_setup.js and bw1.js and for a downloaded Bun runtime.
It is particularly important to rotate every credential that was stored on the compromised system: GitHub Personal Access Tokens, npm tokens, AWS access keys, Azure and GCP secrets, and SSH keys. GitHub Actions workflows should also be checked for unauthorized runs, and, given the fallback exfiltration path, GitHub accounts should be checked for repositories the victim did not create. The domain audit.checkmarx.cx and the IP 94.154.172.43 should be blocked in firewalls.
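As an added example, not code from Bitwarden or from the JFrog and Socket.dev analyses, the following POSIX shell script turns the indicators above into a host sweep: it looks for the dropped loader and payload files, for installed copies of @bitwarden/cli at version 2026.4.0 or carrying a preinstall hook, for files that reference the exfiltration endpoint or the commit marker, and, when git is available, for commits whose message carries that marker. The function names, output format and exit-code convention are this example's own assumptions; the script does not look for the downloaded Bun runtime by name because the article gives no path for it.

```shell
#!/bin/sh
# Added example, not code from Bitwarden, JFrog or Socket.dev: a POSIX sh triage
# script that sweeps a directory tree for the indicators named in the article.
# Function names, output format and exit codes are this example's own choices.

IOC_DOMAIN="audit.checkmarx.cx"
IOC_IP="94.154.172.43"
IOC_MARKER="LongLiveTheResistanceAgainstMachines"
BAD_VERSION="2026.4.0"

# Loader and payload files dropped by the compromised package.
find_artifacts() {
    find "$1" -type f \( -name bw_setup.js -o -name bw1.js \) 2>/dev/null || true
}

# Installed copies of @bitwarden/cli that carry the bad version or any
# preinstall hook (the compromised package used one to run its loader).
find_bad_packages() {
    find "$1" -type f -path '*@bitwarden/cli/package.json' 2>/dev/null |
    while IFS= read -r pj; do
        grep -q "\"version\"[[:space:]]*:[[:space:]]*\"$BAD_VERSION\"" "$pj" &&
            echo "version $BAD_VERSION: $pj"
        grep -q '"preinstall"' "$pj" && echo "preinstall hook: $pj"
    done || true
}

# Files that mention the exfiltration endpoint or the commit-message marker.
find_ioc_strings() {
    grep -rlF -e "$IOC_DOMAIN" -e "$IOC_IP" -e "$IOC_MARKER" "$1" 2>/dev/null || true
}

# Commits in any git repository under the scanned tree whose message carries
# the marker used by the fallback exfiltration path. Skipped without git.
find_marker_commits() {
    command -v git >/dev/null 2>&1 || return 0
    find "$1" -type d -name .git 2>/dev/null |
    while IFS= read -r g; do
        repo="${g%/.git}"
        git -C "$repo" log --all --grep="$IOC_MARKER" \
            --format="marker commit %H: $repo" 2>/dev/null
    done || true
}

# Run every check over the given root. Prints findings and returns 1 if any
# were found, 0 if the tree looks clean.
triage() {
    root="$1"
    findings=$(
        find_artifacts "$root"
        find_bad_packages "$root"
        find_ioc_strings "$root"
        find_marker_commits "$root"
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    echo "no indicators found under $root"
}

# Usage: sh bw-triage.sh /path/to/scan
# Findings should be followed by the steps the advisory names:
#   npm uninstall -g @bitwarden/cli && npm cache clean --force
# and rotation of every credential that lived on the host.
if [ $# -gt 0 ]; then
    triage "$1"
fi
```

Point the script at a home directory or a CI workspace; a non-zero exit means at least one indicator was found. A clean sweep does not replace credential rotation: if 2026.4.0 was installed on the host during the window, the tokens it held should be rotated regardless of what is still on disk.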
The package registries are currently serving the regular version 2026.3.0 again. According to the vendor, this and all other versions of the Bitwarden CLI except 2026.4.0 are unaffected. Production systems and vault data were never compromised.
