Cyber Attack on NPM Packages Leads to Spread of Malware


by Giorgi Kostiuk

4 hours ago


A recent cyber attack on the NPM account of a developer known as ‘qix’ resulted in the publication of malicious versions of popular JavaScript packages, threatening the security of cryptocurrency users.

What Happened?

The NPM account of a developer was compromised, allowing hackers to publish malicious versions of numerous popular JavaScript packages, which have been downloaded more than a billion times a week. The attack on the software supply chain specifically targets the JavaScript/Node.js ecosystem.

Attack Mechanism

The malicious code is a 'crypto-clipper' designed to steal cryptocurrency by swapping wallet addresses in network requests. It is heavily obfuscated to avoid detection. The attack has two vectors: when no crypto wallet extension is found, the malware intercepts all network traffic; when a crypto wallet is identified, the malware modifies transactions in memory before they are signed. The attack targeted packages such as 'chalk', 'strip-ansi', 'color-convert', and 'color-name', which are core building blocks in many projects.

"If you use a hardware wallet, pay attention to every transaction before signing, and you're safe."
Charles Guillemet, CEO Ledger

Broad Attack Vector

While the malware specifically targets cryptocurrency, its attack vector is much broader. It affects any environment running JavaScript/Node.js applications, such as web applications, desktop applications, and mobile applications. Regular business web applications may unknowingly include these malicious packages, activating only when users interact with cryptocurrency on the site.
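
Because these packages usually arrive as transitive dependencies, a project can contain them without listing them. The Node.js function below is an added example, not code from the article or from any vendor: it lists every installed copy of the four packages named above from an npm `package-lock.json` (lockfileVersion 2 or 3). The sample lockfile, its version strings and the `some-logger` dependency are constructed, and the `flagged` version list is an input to be filled in from the registry advisory.

```javascript
// Added example, not code from the article. Package names come from the
// article; versions and the sample lockfile below are constructed.
const WATCHED = new Set(['chalk', 'strip-ansi', 'color-convert', 'color-name']);

// Lockfile keys look like "node_modules/a/node_modules/chalk"; the package
// name is whatever follows the last "node_modules/".
function nameFromLockPath(lockPath) {
  const marker = 'node_modules/';
  const i = lockPath.lastIndexOf(marker);
  return i === -1 ? null : lockPath.slice(i + marker.length);
}

// flagged: { name: [versions] } copied from the registry advisory. The
// article gives no version numbers, so none are hard-coded here.
function findWatched(lock, flagged = {}) {
  const root = (lock.packages || {})[''] || {};
  const direct = { ...root.dependencies, ...root.devDependencies };
  const hits = [];
  for (const [lockPath, meta] of Object.entries(lock.packages || {})) {
    const name = nameFromLockPath(lockPath);
    if (!name || !WATCHED.has(name)) continue;
    hits.push({
      name,
      version: meta.version,
      path: lockPath, // shows which parent pulled this copy in
      direct: lockPath === 'node_modules/' + name && name in direct,
      flagged: (flagged[name] || []).includes(meta.version),
    });
  }
  return hits;
}

// Constructed sample: the app depends only on "some-logger" (hypothetical),
// yet two copies of chalk and one of color-name are installed.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { dependencies: { 'some-logger': '^1.0.0' } },
    'node_modules/some-logger': { version: '1.0.0' },
    'node_modules/chalk': { version: '0.0.1-sample' },
    'node_modules/some-logger/node_modules/chalk': { version: '0.0.2-sample' },
    'node_modules/color-name': { version: '0.0.3-sample' },
  },
};

console.log(findWatched(SAMPLE_LOCK));
```

To scan a real project, pass the parsed contents of its `package-lock.json` as the first argument and the advisory's version list as the second.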

The NPM package cyber attack highlights the importance of user vigilance regarding transactions and wallet security, as well as the need for awareness of software vulnerabilities.
