- More than a dozen popular NPM packages were compromised in a phishing-based supply chain attack
- Cryptocurrency users were targeted by malware that hijacks wallet addresses during transactions
- Some called it the most widespread NPM compromise to date, affecting 2 billion weekly downloads
More than a dozen NPM packages with two billion downloads per week were compromised in a supply chain attack that targeted cryptocurrency users.
Aikido Security researchers saw the account of maintainer Qix (real name Josh Junon) publishing malicious updates. In less than an hour, multiple versions were uploaded, and shortly afterwards Junon himself confirmed the attack and apologized for the disaster:
“Yes, I have been pwned. The 2FA restart email seemed very legitimate,” Junon wrote on Bluesky, confirming that the breach began with a convincing phishing email.
Aimed at cryptocurrency users
“It only affected the NPM, I have sent an email to @npmjs.bsky.social to see if I can get access again. I’m sorry, everyone should have paid more attention. Not like me; I have had a stressful week. He will work to clean this,” he emphasized, showing how even the most careful people can be caught out if they lower their guard.
According to The Hacker News, this is the list of 20 compromised packages, which together account for 2 billion weekly downloads:
- an [email protected]
- an an [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- color [email protected]
- [email protected]
- Error [email protected]
- [email protected]
- [email protected]
- [email protected]
- admits [email protected]
- [email protected]
- slice [email protected]
- [email protected]
- supports-color@10.2.1
- admits [email protected]
- [email protected]
At the same time, CyberInsider described it as “the most widespread supply chain compromise in the history of the NPM ecosystem.”
The malware distributed through the packages is apparently aimed at cryptocurrency users. It is designed to intercept cryptocurrency transactions by replacing the destination wallet address with one controlled by the attackers. Ethereum, Solana, Bitcoin, Tron, Litecoin and Bitcoin Cash appear to be the chains targeted in this campaign.
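To check whether a project resolved one of the affected releases, a lockfile audit is the quickest test. The sketch below is an added example, not code from the article or from any of the projects named in it. Its deny list holds only the one entry in the list above whose version is still legible (10.2.1, read here as supports-color, which is an assumption), and `findCompromised`, `COMPROMISED` and `SAMPLE_LOCK` are hypothetical names.

```javascript
// Deny list: package name -> set of known-bad versions.
// Assumption: "supports-color" is this example's reading of the one list entry
// above that still shows a version (10.2.1). Add the rest from an advisory.
const COMPROMISED = new Map([['supports-color', new Set(['10.2.1'])]]);

// Return every deny-listed name@version found in a parsed package-lock.json.
function findCompromised(lock, denyList = COMPROMISED) {
  const hits = [];
  const check = (name, version, where) => {
    const bad = denyList.get(name);
    if (bad && bad.has(version)) hits.push({ name, version, where });
  };

  // lockfileVersion 2/3: flat map keyed by install path, e.g.
  // "node_modules/a/node_modules/@scope/b". The package name is whatever
  // follows the last "node_modules/" segment.
  const marker = 'node_modules/';
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // the root project itself
    const i = path.lastIndexOf(marker);
    const name = meta.name || (i >= 0 ? path.slice(i + marker.length) : path);
    check(name, meta.version, path);
  }

  // lockfileVersion 1: nested "dependencies" tree. Skipped when "packages"
  // exists, because v2 files carry both and would report each hit twice.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      check(name, meta.version, [...trail, name].join(' > '));
      walk(meta.dependencies, [...trail, name]);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile (not taken from any real project).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/supports-color': { version: '10.2.1' },
    'node_modules/jest/node_modules/supports-color': { version: '8.1.1' },
    'node_modules/@demo/logger': { version: '2.0.0' },
  },
};

console.log(findCompromised(SAMPLE_LOCK));
```

For a real project, pass the parsed contents of `package-lock.json` instead of the sample object. A clean result covers only what that lockfile pins, not builds made from an earlier lockfile or from unpinned installs.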
Via The Hacker News