
The never-ending supply chain attacks worm into SAP npm packages, other dev tools


The wave of supply chain attacks aimed at security and developer tools has washed up more victims, namely SAP and Intercom npm packages, plus the lightning PyPI package.

The newly compromised packages as of Thursday include intercom-client@7.0.5 (according to Google-owned Wiz) and intercom-client@7.0.4 (says supply-chain security firm Socket) and lightning@2.6.2 and 2.6.3.

All of these newly reported versions carry the same credential-stealing malware that, on Wednesday, poisoned multiple npm packages associated with SAP's JavaScript and cloud application development ecosystem. The SAP-related compromise is a Shai-Hulud-worm style campaign that calls itself Mini Shai-Hulud.

So far, these SAP-related npm packages include:

  • mbt@1.2.48
  • @cap-js/db-service@2.10.1
  • @cap-js/postgres@2.2.2
  • @cap-js/sqlite@2.2.2

Collectively, these four packages receive about 572,000 weekly downloads and are widely used by developers building cloud applications.

SAP did not ...


Copyright of this story belongs to theregister.co.uk; this excerpt is truncated and the full text is available in the original article.