SlowMist: Malicious npm supply chain attack detected, involving 30 malicious packages.

CoinWorld News reports that, according to SlowMist, its MistEye monitoring detected a coordinated malicious npm supply chain attack. The attackers deployed JavaScript information stealers through fake trading bot repositories and DeFi-themed npm packages, targeting npm users, DeFi developers, and trading bot users. The attack involves 30 malicious npm packages, including stake-math .5.4. SlowMist stated that the related repositories contain approximately 2,300 highly homogeneous, likely batch-generated forks, mostly concentrated under the poly-stocks account. The potential impact includes theft of wallet vaults, browser cookies, saved passwords, private keys, seed phrases, API tokens, and other local sensitive data. SlowMist advises developers to remove the affected npm packages, audit package.json, package-lock.json, and CI logs, and rotate any exposed wallets, private keys, npm tokens, cloud credentials, SSH keys, and API tokens.
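A defender-side check for the audit step above, added here as an example and not SlowMist's or Gate's code: it parses package.json and package-lock.json content and reports every dependency whose name is on a blocklist. The blocklist names and the sample lockfile are constructed placeholders, since the page does not list the 30 package names.

```javascript
// Added example (not SlowMist's or Gate's code): scan npm manifests and
// lockfiles for blocklisted packages, as part of the audit step above.
// Hypothetical blocklist: constructed placeholder names, NOT the real
// package names from the SlowMist advisory (the page does not list them).
const BLOCKLIST = new Set(["example-malicious-pkg", "defi-helper-placeholder"]);

// package-lock.json: v2/v3 use a flat "packages" map keyed by install path,
// v1 uses a nested "dependencies" tree. Returns every blocklisted entry.
function findInLockfile(lockJson, blocklist = BLOCKLIST) {
  const lock = JSON.parse(lockJson);
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "") continue; // root project entry, not a dependency
      // name is everything after the last "node_modules/" (13 chars), so
      // nested and scoped paths like "node_modules/a/node_modules/@s/b" work
      const name = path.slice(path.lastIndexOf("node_modules/") + 13);
      if (blocklist.has(name)) hits.push({ name, version: meta.version, where: path });
    }
  } else if (lock.dependencies) {
    const walk = (deps, prefix) => { // rebuild the install path while walking
      for (const [name, meta] of Object.entries(deps)) {
        const where = `${prefix}node_modules/${name}`;
        if (blocklist.has(name)) hits.push({ name, version: meta.version, where });
        if (meta.dependencies) walk(meta.dependencies, `${where}/`);
      }
    };
    walk(lock.dependencies, "");
  }
  return hits;
}

// package.json: direct dependencies only (version is the declared range).
function findInPackageJson(pkgJson, blocklist = BLOCKLIST) {
  const pkg = JSON.parse(pkgJson);
  const hits = [];
  for (const field of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, range] of Object.entries(pkg[field] || {})) {
      if (blocklist.has(name)) hits.push({ name, version: range, where: field });
    }
  }
  return hits;
}
// Constructed sample lockfile (v3) with one direct and one transitive hit.
const SAMPLE_LOCK = JSON.stringify({ name: "trading-bot", lockfileVersion: 3, packages: {
  "": { name: "trading-bot", dependencies: { "example-malicious-pkg": "^1.0.0" } },
  "node_modules/example-malicious-pkg": { version: "1.0.3" },
  "node_modules/left-pad": { version: "1.3.0" },
  "node_modules/left-pad/node_modules/defi-helper-placeholder": { version: "0.5.4" },
} });
```

Transitive hits matter here because a blocklisted package pulled in by an otherwise clean dependency never appears in package.json, only in the lockfile.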
Comment
DustyLedgerKid
· 1h ago
Trading bot users are also targets; brothers running strategies, check your environment.
GateUser-ae5cc7b3
· 3h ago
The package name "stake-math .5.4" looks suspicious. I'll need to be more careful before installing packages in the future.
GlitchOrchard
· 3h ago
2,300 forks generated in batches; this is no small-scale attack.
LostAloneInTheFog
· 3h ago
From wallet vault to mnemonic phrase, everything stolen; a one-stop service indeed.
ReadingContractsUntilMyEyesAre
· 4h ago
Another npm supply chain incident; DeFi developers really need to be cautious about dependency packages.