News

Bitcoin Magazine

NPM Attack: Javascript Library Compromise Goes After Bitcoin Wallets

NPM developer qix's account compromise potentially puts user funds at risk by compromising library dependencies used by ...

New NPM attack: Self-replicating malware infects dozens of packages

It is possible that the attackers behind this attack are the same ones as last time. Their malicious code bears the name of a prominent science fiction monster.

Crypto stolen by hackers in largest NPM attack

Crypto intelligence platform Security Alliance released a report on Sep. 8 to reveal that Ethereum and Solana wallets have ...

Major attack on node.js

A cryptocurrency thief got into the npm account of a hard-working developer via spearphishing. node.js packages with billions ...

Malware Injected Into Code Packages That Get 2 Billion+ Downloads Each Week

An attack targeting the Node.js ecosystem was just identified — but not before it compromised 18 npm packages that account ...
SecurityWeek

Highly Popular NPM Packages Poisoned in New Supply Chain Attack

Threat actors injected malicious code into multiple popular NPM packages after their maintainers fell for a well-crafted ...
The Hacker News

Malicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus Wallets

The package, named nodejs-smtp, impersonates the legitimate email library nodemailer with an identical tagline, page styling, ...
CoinDesk

Ethereum, Solana Wallets Targeted in Massive 'npm' Attack But Just 5 Cents Taken

The credential stealer harvested username, password, and 2FA codes before sending them to a remote host. With full access, ...

JavaScript packages with billions of downloads were injected with malicious code in world's largest supply chain hack, geared to steal crypto — a phishing email is all it ...

JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.
Bleeping Computer

npm packages caught serving TurkoRAT binaries that mimic NodeJS

Researchers have discovered multiple npm packages named after NodeJS libraries that even pack a Windows executable that resembles NodeJS but instead drops a sinister trojan. These packages, given ...