Malicious npm Package Targets Atomic Wallet, Exodus Users by Swapping Crypto Addresses

Summary: Threat actors have uploaded a malicious npm package named pdf-to-office, designed to inject harmful code into cryptocurrency wallet software, facilitating a software supply chain attack. This package targets specific versions of Atomic Wallet and Exodus, altering cryptocurrency transaction addresses to redirect funds to the attacker’s wallet. The attack demonstrates the ongoing risks associated with the npm registry and highlights the need for vigilance among developers using third-party packages.

Affected: npm registry, Atomic Wallet, Exodus wallet

Key points:

  • pdf-to-office poses as a PDF conversion utility but contains malicious features.
  • The payload targets specific versions of the wallets and overwrites files to divert funds.
  • Previous instances of malicious npm packages show a growing trend in software supply chain attacks.

Source: https://thehackernews.com/2025/04/malicious-npm-package-targets-atomic.html