Summary
- A developer involved in maintaining at least 18 popular JavaScript packages was phished, leading to cryptocurrency theft.
- The attacker intercepted wallet interactions in the browser, changing the destination of cryptocurrency to the attacker’s accounts.
- The attack could have been worse, with the attacker only narrowly focused on stealing cryptocurrency and no further damage observed.
- Cybersecurity company Aikido found the malicious code in a recent scan of open-source code hubs.
- The affected packages have since been cleaned up and developers warned.
- Malware that targeted the Node Package Manager (NPM) could be difficult to detect and lead to a disruptive outbreak.
- NPM needs to only support more secure forms of two-factor authentication (2FA), according to the International Computer Science Institute.
By BrianKrebs
Original Article