Threat Intelligence, Supply chain

Atomic, Exodus wallets subjected to malicious npm package attack

Crypto Trading theme with blurred city abstract lights background

(Adobe Stock)

Attackers have been looking to compromise users of the Atomic and Exodus cryptocurrency wallets through the new "pdf-to-office" npm package spoofing a PDF to Microsoft Word document converter, The Hacker News reports.

Execution of the malicious npm package would facilitate discovery of Atomic Wallet or Exodus and the eventual modification of wallet-associated files to allow the delivery of transferred crypto assets to an attacker-controlled wallet, according to a ReversingLabs analysis. Such a package has also been made to enable continuous pilfering of crypto assets even after its removal, said ReversingLabs researcher Lucija Valenti. "The only way to completely remove the malicious trojanized files from the Web3 wallets' software would be to remove them completely from the computer and re-install them," Valenti added. Such a report comes after several nefarious Visual Studio Code extensions amassing over a million installations prior to their takedown were discovered by ExtensionTotal to have enabled XMRig cryptominer compromise.

Related

Infected drives leveraged in new Gamaredon intrusion

BleepingComputer reports that trojanized removable drives have been harnessed by the Russian state-sponsored threat operation Gamaredon, also known as Shuckworm, to distribute a new GammaSteel information-stealing malware variant in an attack campaign against a Western country's military mission in Ukraine between February and March.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Account HarvestingBotnetDeauthentication AttackDefacementDenial of ServiceDictionary AttackDistributed ScansDomain HijackingFault Line AttacksHybrid Attack

You can skip this ad in 5 seconds