- Over a dozen popular NPM packages were compromised in a phishing-based supply chain attack
- Malware targeted crypto users by hijacking wallet addresses during transactions
- Some called it the most widespread NPM compromise to date, affecting 2 billion weekly downloads
More than a dozen NPM packages with two billion downloads a week were compromised in a supply chain attack that targeted cryptocurrency users.
Researchers at Aikido Security discovered that a maintainer account, qix (real name Josh Junon), had published malicious updates. In less than an hour, several versions were uploaded, and shortly afterwards Junon confirmed the attack and apologized for the mess.
“Yep, I’ve been pwned. 2FA reset email, looked very legitimate,” Junon wrote on Bluesky, confirming that the breach started with a convincing phishing email.
Targeting crypto users
“Only NPM affected, I’ve sent an email to @npmjs.bsky.social to see if I can get access again. Sorry I should have been more aware. Not like me; have had a stressful week. Will work to get this cleaned up,” he added, showing how even the most careful people can be hit if they lower their guard.
According to The Hacker News, 20 packages were compromised, and together they count 2 billion weekly downloads.
At the same time, CyberInsider described it as “the most widespread supply chain compromise in the history of the NPM ecosystem.”
The malware distributed through the packages appears to target cryptocurrency users. It is designed to intercept crypto transactions by replacing the destination wallet address with one controlled by the attackers. Ethereum, Solana, Bitcoin, Tron, Litecoin and Bitcoin Cash appear to be the chains targeted in this campaign.
Via The Hacker News
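Because the malicious code shipped as specific published versions, a project can check whether it resolved one of them by scanning its lockfile for exact name@version matches, including nested transitive installs. The following is an added example, not code from the article or from Aikido Security; the advisory entries and the sample lockfile are constructed placeholders to be replaced with the published list of affected versions.

```javascript
// Added example. ADVISORY holds constructed placeholders, not the real affected versions.
const ADVISORY = new Set(["example-pkg-a@9.9.9", "@example/pkg-b@1.2.3"]);

// v2/v3 key "node_modules/a/node_modules/@scope/b" -> package name "@scope/b".
function nameFromPath(key) {
  const marker = "node_modules/";
  const i = key.lastIndexOf(marker);
  return i === -1 ? null : key.slice(i + marker.length);
}

// Returns [{ name, version, where }] for every install matching the advisory.
function findCompromised(lock, advisory = ADVISORY) {
  const hits = [];
  const check = (name, version, where) => {
    if (name && version && advisory.has(`${name}@${version}`)) {
      hits.push({ name, version, where });
    }
  };
  if (lock.packages) {
    // lockfileVersion 2 and 3: flat map keyed by install path.
    for (const [key, meta] of Object.entries(lock.packages)) {
      // An aliased install records its real name in meta.name.
      check(meta.name || nameFromPath(key), meta.version, key);
    }
  } else {
    // lockfileVersion 1: nested "dependencies" trees.
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const where = `${trail}/${name}`;
        check(name, meta.version, where);
        walk(meta.dependencies, where);
      }
    };
    walk(lock.dependencies, "");
  }
  return hits;
}

// Constructed sample lockfile (v3 layout) with one nested, transitive hit.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/example-pkg-a": { version: "9.9.8" },
    "node_modules/tool/node_modules/example-pkg-a": { version: "9.9.9" },
    "node_modules/@example/pkg-b": { version: "1.2.3" },
  },
};
console.log(findCompromised(SAMPLE_LOCK));
```

Matching on the exact version matters here: the safe 9.9.8 copy at the top level is not flagged, while the 9.9.9 copy nested under another dependency is.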



