This article highlights a malicious npm package, “nodejs-smtp,” that was used in a sophisticated supply chain attack to steal cryptocurrency from targeted users. The attack exploited open-source trust and targeted Windows users with cryptocurrency wallets, injecting malware that hijacked wallet addresses.
Key points
- The malicious package impersonated the popular “nodemailer” library to deceive developers.
- The attack targeted Windows users with Atomic Wallet or Exodus applications.
- Once installed, the malware monitored and replaced cryptocurrency wallet addresses on the clipboard.
- The “nodejs-smtp” package functioned as a legitimate email tool to avoid detection.
- This incident demonstrates increasing sophistication in supply chain attacks exploiting open-source repositories.
Read More: https://dailydarkweb.net/atomic-and-exodus-crypto-wallets-at-risk-from-deceptive-npm-package/