Microsoft Flags Crypto-Stealing Malware Hidden in Compromised npm Packages

Microsoft says it has identified a malware campaign aimed at developers via two compromised npm packages that masqueraded as legitimate tools while quietly stealing sensitive data, including cryptocurrency wallet credentials. Microsoft Threat Intelligence reported that utilsterminal@3.2.1 and loggeractive@3.2.1 delivered a remote access trojan (RAT) capable of capturing keystrokes, screenshots, login credentials, and crypto-related information from infected machines.

With npm among the world's largest software registries, the company warned that tainted dependencies can spread broadly when developers install packages without realizing they've been altered. The operation is especially concerning for crypto users and blockchain teams, since developer endpoints often hold browser wallets, API keys, cloud access tokens, and source code tied to digital-asset projects. Access to those resources can enable wallet theft, infrastructure compromise, or interference with automated trading systems.

Microsoft added that the attackers used Hugging Face repositories as part of their data-exfiltration workflow, blending outbound traffic into a trusted AI platform to make the activity harder to spot through standard monitoring.

The case underscores a wider shift toward software supply-chain attacks, where threat actors compromise widely used development tools and libraries to reach large numbers of downstream targets rather than pursuing victims one by one. Security researchers have previously documented similar efforts across npm, PyPI, and Rust ecosystems, with malicious packages seeking wallet credentials, SSH keys, and cloud credentials. These incidents typically target endpoints and user devices rather than exploiting weaknesses in blockchain protocols or breaking cryptographic protections.

Microsoft recommended auditing installed packages, removing suspicious dependencies, rotating any potentially exposed credentials, and monitoring wallets for unauthorized transactions.
Security specialists also advise keeping seed phrases offline and verifying third-party software sources before installation.