Express

Security Alert: Another Prominent NPM Account Compromised, Injected with Wallet-Stealing Malware

Summary: According to Socket monitoring, the ongoing NPM supply chain attack has spread from well-known developer Qix to another highly prominent maintainer. The NPM account duckdb_admin, responsible for DuckDB-related packages, was compromised, and multiple malicious versions were released. The injected code is the same wallet-stealing malware used when Qix's account was compromised, indicating they are part ...

According to Socket monitoring, the ongoing NPM supply chain attack has spread from well-known developer Qix to another highly prominent maintainer. The NPM account duckdb_admin, responsible for DuckDB-related packages, was compromised, and multiple malicious versions were released. The injected code is the same wallet-stealing malware used when Qix's account was compromised, indicating they are part of the same attack operation.

Ledger CTO stated that a large-scale supply chain attack could pose risks to the entire JavaScript ecosystem. However, the NPM attackers were unsuccessful, with almost no victims.

Last Update:

Tags:
Link: Security Alert: Another Prominent NPM Account Compromised, Injected with Wallet-Stealing Malware [Copy]

Last: Bubblemaps: Suspected Single Entity Receives $170 Million Worth of Tokens from MYX Airdrop

Next: SlowMist CISO: DuckDB NPM Account Hacked, Caution Against Risks

The Crypto Treasury Boom Meets Regulatory Chill: Is the DAT Frenzy Fading? 2 days ago

Nasdaq Takes Aim at 'Crypto-Flipping' Companies with Stricter Rules 5 days ago

BTC Weekly Outlook: The Oversold Bounce—A Bottom or a Shorting Opportunity? 8 days ago

The Making of a Political Darling: Is Chainlink’s Government Deal a Victory for Tech or... 12 days ago

Google Steps Into Blockchain: A New Front in the “Ledger Wars” 14 days ago