20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack
Briefly

"Sorry everyone, I should have paid more attention,"
"Not like me; have had a stressful week. Will work to get this cleaned up."
"According to Aikido Security's Charlie Eriksen, the payload acts as a browser-based interceptor that hijacks network traffic and application APIs to steal cryptocurrency assets by rewriting requests and responses."
A maintainer account on npm was compromised via a phishing email that impersonated npm support and urged a two-factor authentication update. The phishing page collected username, password, and 2FA token, likely enabling an adversary-in-the-middle to steal credentials and publish malicious package versions. Twenty widely used packages with over two billion combined weekly downloads were confirmed compromised. Obfuscated malware injected into the packages intercepts cryptocurrency transaction requests and swaps the destination address for an attacker-controlled wallet, using Levenshtein distance to pick the attacker address that most closely resembles the original. The payload operates as a browser-based interceptor that hijacks network traffic and application APIs to rewrite requests and responses. Attribution remains unknown.
Read at The Hacker News