- Researchers reveal two packages that carry an infostealer
- The victims are apparently Russian and the attackers US-based
- This led researchers to wonder whether the targets were Russian crypto hackers
Two malicious packages were recently discovered on the NPM package manager platform that targeted software developers in the Solana ecosystem.
However, the discovery, the attribution and the potential targets of the malware have made researchers wonder whether this was a state-sponsored attack.
Solana is a blockchain designed for decentralized applications and cryptocurrencies. It is similar to Ethereum in many respects, which is why it is often described in the crypto community as the “Ethereum killer”.
Targeting devs? Or hackers? Or both?
Recently, security researchers from Security found two NPM packages: “Solana-Pump Test” and “Solana-SPL-SDK”.
Both were submitted by the same author, and both contained identical code. According to Security, when these packages were installed they ran scripts that exfiltrated sensitive information from the compromised devices, including private keys that gave the attacker access to crypto funds.
Security says the victims – the developers who downloaded and ran the infostealers – were located in Russia.
The attackers, on the other hand, appear to be located in the United States, based on the IP addresses to which the exfiltrated data was sent.
These findings were enough for researchers to ask whether this was a US-backed threat actor targeting Russia, probably due to the currently strained geopolitical relations between the two powers.
But npm as a platform is neither Russian nor administered by Russians. The NPM platform is run by NPM, Inc., a company that was originally independent but is now a subsidiary of GitHub, which is in turn owned by Microsoft.
Russia has a growing number of state-sponsored and state-affiliated threat actors known to target cryptocurrency users, or large companies that are then forced to pay a ransom in crypto. Groups such as Evil Corp, Sandworm and APT28 (Fancy Bear) have been linked to campaigns that either steal cryptocurrency or deploy ransomware for financial gain.
Therefore, it is not too far-fetched to wonder whether this attack was aimed at crypto criminals as well as ordinary crypto developers.
Via Registered