North Korean Hackers Deploy Malicious npm Packages in Sophisticated Developer-Targeting Campaign
Security researchers have discovered North Korean hackers distributing malware through 11 malicious npm packages that were downloaded over 5,600 times. The sophisticated campaign, known as 'Contagious Interview', uses fake job interviews and social engineering to target developers and infiltrate systems.
Cryptocurrency npm Packages Compromised in Nine-Year API Key Theft Campaign
Multiple long-standing npm packages were discovered to contain malicious code designed to steal API keys and sensitive data through obfuscated scripts. The attack targeted eleven packages including popular blockchain development libraries, with evidence pointing to compromised maintainer accounts.
Malicious npm Packages Target Solana Users in Sophisticated Crypto Theft Campaign
Security researchers uncover a sophisticated attack using fake npm packages to steal Solana wallet credentials through Gmail's SMTP servers. The multi-platform campaign includes malicious GitHub repositories and packages with destructive capabilities, highlighting critical risks in the cryptocurrency software supply chain.
Malicious Ethereum Developer Tool Found Distributing Quasar RAT Malware
Security researchers uncovered an npm package posing as an Ethereum smart contract debugging tool that secretly installs dangerous Quasar RAT malware. The sophisticated supply chain attack specifically targets blockchain developers, potentially exposing private keys and credentials linked to valuable crypto assets.