
"The recent npm supply chain breach shows just how fragile open source ecosystems can be when trust in a single maintainer account is abused. Hackers tricked the maintainer of chalk, debug, ansi-styles, and several other popular npm packages with a phishing email disguised as official support. Once they gained access, they pushed malicious code into 18 npm packages that together see more than two billion downloads every week."
"The malicious code was designed with one purpose: to target crypto wallets. When installed, it scans for browser-based wallets like MetaMask. At the point of approving a transaction, it silently replaced the recipient's address with one controlled by the attackers. From the user's point of view, nothing looked suspicious. The wallet interface showed the same flow, but the funds moved somewhere else. This kind of invisible theft is hard to spot until the money is already gone."
A phishing email disguised as official support gave attackers access to a maintainer account for popular npm packages including chalk, debug, and ansi-styles. The attackers pushed malicious updates into 18 npm packages that collectively see more than two billion downloads weekly. The injected code targeted browser-based crypto wallets such as MetaMask, scanning for wallets and silently replacing the recipient address at transaction approval with an attacker-controlled address. From the user's interface the approval flow appeared normal, making the theft difficult to detect until funds were gone. Rapid detection and mitigation limited harm, and Ledger's CTO reported almost no victims.
Read at DataBreaches.Net