During this two-month period, threat actors had modified the legitimate Codecov Bash Uploader tool to exfiltrate environment variables from Codecov customers’ CI/CD environments.