Cryptocurrency npm Packages Compromised in Nine-Year API Key Theft Campaign
Multiple long-standing npm packages were discovered to contain malicious code designed to steal API keys and sensitive data through obfuscated scripts. The attack targeted eleven packages including popular blockchain development libraries, with evidence pointing to compromised maintainer accounts.
Malicious npm Packages Target Solana Users in Sophisticated Crypto Theft Campaign
Security researchers uncover a sophisticated attack using fake npm packages to steal Solana wallet credentials through Gmail's SMTP servers. The multi-platform campaign includes malicious GitHub repositories and packages with destructive capabilities, highlighting critical risks in the cryptocurrency software supply chain.
Malicious Ethereum Developer Tool Found Distributing Quasar RAT Malware
Security researchers uncovered an npm package posing as an Ethereum smart contract debugging tool that secretly installs dangerous Quasar RAT malware. The sophisticated supply chain attack specifically targets blockchain developers, potentially exposing private keys and credentials linked to valuable crypto assets.