A whole host of crypto npm packages have been compromised

By Krishna Rao On Sep 27, 2022

TEMU Affiliate Program 2024: Earn Up to £100,000 a month!

Mar 28, 2024

How is eBPF Revolutionizing Kubernetes Scaling

Jan 20, 2024

A number of npm packages published by a major cryptocurrency exchange have been compromised and updated to carry malicious code

Decentralized cryptocurrency exchange (DEX) dydX tweeted its discovery of the compromise, and how it was acting to remedy the problem.

“At 6:14AM EST, we identified malicious versions published to a number of dYdX NPM packages that were quickly removed,” its tweet (opens in new tab) read. “All funds are SAFE, our websites/apps have NOT been compromised, the attack did NOT impact smart contracts.”

Multiple packages spreading infostealers

Further explaining how user funds aren’t compromised, the company said: “Reminder that dYdX does not have custody of user funds, which are deposited directly to a smart contract on the blockchain.”

Cybersecurity researcher Maciej Mensfeld of security firm Mend and Difend.io, found that some packages contained code that would run information stealing malware when run. He found three packages that were hijacked to be used in identity theft (opens in new tab) attacks.

@dydxprotocol/solo – versions 0.41.1, 0.41.2
@dydxprotocol/perpetual – versions 1.2.2, 1.2.3

Allegedly, the package ‘@dydxprotocol/node-service-base-dev’ was also compromised, but that one has since been pulled from the platform.

The packages are described as “Ethereum Smart Contracts and TypeScript library used for the dYdX Solo Trading Protocol.” The solo package, the publication found, is used by at least 44 GitHub repositories, being built by “multiple crypto platforms.”

Apparently, this is not the first time threat actors were trying to smuggle this identical malicious code into various packages. In fact, BleepingComputer claims to have seen code “strikingly identical” to this one in the malicious “PyGrata” Python packages that were stealing Amazon Web Services (AWS) credentials, environment variables, as well as SSH keys.

Code repositories are often the targets of malicious actors who sometimes build malicious versions of popular repositories and give them similar names, in hopes of overworked/reckless developers unknowingly picking the wrong one.

Via: BleepingComputer (opens in new tab)

Read original article here

Denial of responsibility! TechnoCodex is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – [email protected]. The content will be deleted within 24 hours.