Malicious NPM Packages Target Cryptocurrency, PayPal Users

Summary: Threat actors have been distributing malicious NPM packages targeting PayPal and cryptocurrency wallet users to steal sensitive information and funds. The malicious packages impersonate legitimate services to trick users, utilizing preinstall hooks to execute harmful scripts unnoticed. Victims are advised to remove compromised applications and check for suspicious NPM packages and network activities.

Affected: PayPal, Atomic Wallet, Exodus

Key points:

  • Malicious NPM packages named after PayPal target users to steal credentials and financial information.
  • Packages employ a preinstall hook to execute malicious scripts that send sensitive data to threat actors.
  • Cryptocurrency wallet apps are compromised by a package called pdf-to-office, diverting crypto transactions to attackers’ addresses.
  • Users must completely remove and reinstall affected wallet applications to prevent continued loss of funds.

Source: https://www.securityweek.com/malicious-npm-packages-target-cryptocurrency-paypal-users/