A recent security alert has warned of a coordinated malicious attack targeting the npm ecosystem. The attack involves the deployment of JavaScript-based information-stealing programs through fake trading bot repositories and DeFi-themed npm packages. Approximately 30 malicious npm packages have been identified, with one package, "stake", appearing as a locked dependency in a suspicious repository. This repository exhibits unusual patterns, with around 23,000 homogeneous forked branches concentrated under a single account. The attackers may be able to steal sensitive local data, including cryptocurrency wallets, browser cookies, passwords, developer login information, private keys, and API tokens. The attack poses a significant risk to developers and users in the DeFi space, highlighting the need for increased vigilance and security measures to protect against such threats.
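A check a developer can run before installing a cloned repository, shown here as an added example that is not part of the alert: it searches a parsed `package-lock.json` for denylisted package names, including nested and aliased entries. Only the name "stake" comes from the text above; the function names, the sample lockfile and its version strings are constructed for illustration.

```javascript
// Added example. "stake" is the one package name the alert gives; add other
// names from the advisory you are tracking.
const DENYLIST = new Set(["stake"]);

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function nameFromPath(key) {
  const i = key.lastIndexOf("node_modules/");
  return i === -1 ? null : key.slice(i + "node_modules/".length);
}

// Real package behind an npm alias in a v1 lockfile ("version": "npm:real@1.0.0").
const aliasTarget = (v) => (/^npm:(.+)@[^@]+$/.exec(v || "") || [])[1] || null;

// Returns [{ name, version, path }] for every denylisted package in a parsed lockfile.
function findDenylisted(lock, denylist = DENYLIST) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path; "" is the project itself.
    for (const [key, meta] of Object.entries(lock.packages)) {
      if (key === "") continue;
      const name = meta.name || nameFromPath(key); // "name" is set for aliases
      if (name && denylist.has(name)) hits.push({ name, version: meta.version, path: key });
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, trail) => {
    for (const [dir, meta] of Object.entries(deps || {})) {
      const name = aliasTarget(meta.version) || dir;
      const path = [...trail, dir].join(" > ");
      if (denylist.has(name)) hits.push({ name, version: meta.version, path });
      walk(meta.dependencies, [...trail, dir]);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile (not taken from the repository in the alert).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-bot", dependencies: { "left-pad": "^1.3.0" } },
    "node_modules/left-pad": { version: "1.3.0" },
    "node_modules/left-pad/node_modules/stake": { version: "0.0.0-placeholder" },
    "node_modules/helper": { name: "stake", version: "0.0.0-placeholder" },
  },
};
console.log(findDenylisted(sampleLock));
```

To scan a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findDenylisted` and inspect the lockfile before running `npm install`, since install scripts execute at that step.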
