- More than a dozen popular NPM packages have been compromised in a phishing-based supply chain attack
- The malicious code targeted crypto users by swapping wallet addresses during transactions
- Some have called it the most widespread NPM compromise to date, affecting packages with 2 billion weekly downloads
More than a dozen NPM packages with two billion downloads per week were compromised in a supply chain attack that targeted cryptocurrency users.
Researchers from Aikido Security spotted the account of the maintainer qix (real name Josh Junon) publishing malicious updates. Within less than an hour several of the compromised versions had been downloaded, and shortly afterwards Junon himself confirmed the attack and apologized for the disruption.
“Yes, I was caught by a 2FA reset e-mail, it looked very legitimate,” Junon wrote on Bluesky, confirming that the breach began with a convincing phishing email.
Targeting crypto users
“Only NPM was affected; I sent an email to @npmjs.bsky.social to see if I can get access back. Sorry everyone, I should have paid more attention. Not like me; I had a stressful week.”
According to The Hacker News, 20 packages were compromised, together accounting for 2 billion weekly downloads.
Meanwhile, CyberInsider described it as “the most widespread supply chain compromise in the history of the NPM ecosystem”.
The malware distributed via the packages apparently targeted cryptocurrency users. It is designed to intercept cryptocurrency transactions by swapping the destination wallet address with one controlled by the attackers. Ethereum, Solana, Bitcoin, Tron, Litecoin and Bitcoin Cash appear to be the chains targeted in this campaign.
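As an added illustration of how a team can check whether a compromised release made it into a project (this is not code from the article, from npm or from the affected packages), a small Node.js script that compares a package-lock.json against an advisory list of name@version pairs; the advisory entries and the sample lockfile here are constructed placeholders, and the real pairs come from the published advisory.

```javascript
// Added example, not code from the article or from the affected projects.
// Scans a package-lock.json (lockfileVersion 2 or 3) for dependencies whose
// name@version appears on an advisory list of compromised releases.

// Placeholder advisory entries (constructed, NOT the real compromised versions);
// replace them with the name@version pairs from the published advisory.
const ADVISORY = new Set([
  'example-pkg@1.2.3',
  'other-pkg@4.5.6',
]);

// Map a lockfile "packages" key such as "node_modules/a/node_modules/b" to "b"
function nameFromPath(pkgPath) {
  const marker = 'node_modules/';
  const i = pkgPath.lastIndexOf(marker);
  return i === -1 ? pkgPath : pkgPath.slice(i + marker.length);
}

// Return every installed package matching the advisory as { path, id }.
function findCompromised(lock, advisory = ADVISORY) {
  const hits = [];
  for (const [pkgPath, meta] of Object.entries(lock.packages || {})) {
    if (pkgPath === '') continue; // the root project entry, not a dependency
    const id = `${nameFromPath(pkgPath)}@${meta.version}`;
    if (advisory.has(id)) hits.push({ path: pkgPath, id });
  }
  return hits;
}

// Convenience wrapper for a real lockfile on disk.
function scanLockfile(file, advisory = ADVISORY) {
  const fs = require('fs');
  return findCompromised(JSON.parse(fs.readFileSync(file, 'utf8')), advisory);
}

// Constructed sample lockfile fragment so the check runs offline.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/example-pkg': { version: '1.2.3' },
    'node_modules/safe-pkg': { version: '2.0.0' },
    'node_modules/safe-pkg/node_modules/other-pkg': { version: '4.5.6' },
  },
};

for (const h of findCompromised(SAMPLE_LOCK)) {
  console.log(`FLAGGED ${h.id} at ${h.path}`); // two hits in the sample
}
```

Nested installs are covered because the lockfile key keeps the full node_modules path, so a compromised version pulled in transitively is flagged as well.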
Via The Hacker News