VulnHub

Real-time Cybersecurity News

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

The Hacker News
Actively Exploited
MalwareTrojan

Overview

Researchers have identified a supply chain attack affecting legitimate npm and PyPI packages, specifically targeting versions of @dydxprotocol/v4-client-js. The compromised versions include 3.4.1, 1.22.1, 1.15.2, and 1.0.31. Attackers have modified these packages to distribute malware designed to steal cryptocurrency wallet credentials and enable remote access through RAT (Remote Access Trojan) software. This incident poses a significant risk to developers and users relying on these packages, as it can lead to unauthorized access to sensitive financial information. Companies and individual developers should review their dependencies and ensure they are using safe versions to mitigate potential risks.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: @dydxprotocol/v4-client-js (npm) versions 3.4.1, 1.22.1, 1.15.2, 1.0.31
  • Action Required: Developers should update to safe versions of @dydxprotocol/v4-client-js and review their package dependencies for any signs of compromise.
  • Timeline: Newly disclosed

Original Article Summary

Cybersecurity researchers have discovered a new supply chain attack in which legitimate packages on npm and the Python Package Index (PyPI) repository have been compromised to push malicious versions to facilitate wallet credential theft and remote code execution. The compromised versions of the two packages are listed below - @dydxprotocol/v4-client-js (npm) - 3.4.1, 1.22.1, 1.15.2, 1.0.31&

Impact

@dydxprotocol/v4-client-js (npm) versions 3.4.1, 1.22.1, 1.15.2, 1.0.31

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Developers should update to safe versions of @dydxprotocol/v4-client-js and review their package dependencies for any signs of compromise.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Malware, Trojan.

Read Original Article

Related Coverage

DHS privacy probe will focus on biometric tracking by ICE, OBIM

CyberScoop

The Department of Homeland Security (DHS) is facing a privacy investigation that will focus on the use of biometric tracking by its Immigration and Customs Enforcement (ICE) and the Office of Biometric Identity Management (OBIM). Auditors have indicated that the probe might expand to other DHS components, examining how the agency utilizes biometric markers in immigration enforcement activities. This scrutiny comes as concerns grow over privacy rights and the implications of increased surveillance. The outcome of this investigation could impact DHS's practices and policies regarding biometric data collection and usage, raising questions about transparency and accountability in immigration enforcement.

Feb 6, 2026

Anthropic: Latest Claude model finds more than 500 vulnerabilities

SCM feed for Latest

Anthropic, an AI company, has reported that its latest Claude model has identified over 500 vulnerabilities in various software systems. These vulnerabilities were carefully validated by human researchers to ensure that no false positives slipped through. This kind of thorough analysis is crucial because it helps organizations pinpoint and address security weaknesses before they can be exploited. The findings emphasize the ongoing need for vigilance in software security, as even established systems can harbor significant vulnerabilities. Companies using affected software should take immediate steps to assess their systems and apply necessary updates or patches to mitigate potential risks.

Feb 6, 2026

CISA gives federal agencies one year to replace outdated edge devices

SCM feed for Latest

The Cybersecurity and Infrastructure Security Agency (CISA) has mandated that all federal agencies upgrade their outdated edge devices within the next year. This initiative is in response to concerns over the security weaknesses posed by aging network infrastructure, which could leave federal systems vulnerable to cyberattacks. Experts have long warned that outdated technology can create entry points for attackers, potentially compromising sensitive government data. By enforcing this requirement, CISA aims to bolster the overall security posture of federal networks and reduce risks associated with legacy systems. The move reflects a growing recognition of the need for modern, secure technology in government operations.

Feb 6, 2026

How to use Lockdown Mode: The extreme iPhone security feature that foiled even the FBI

Latest news

Lockdown Mode is a security feature for iPhones designed to protect users from cyber attacks and prevent forensic tools from accessing data after a device is seized by authorities. This mode is particularly useful for individuals who may be at risk of targeted attacks, such as journalists, activists, or those in sensitive positions. By activating Lockdown Mode, users enhance their privacy and security, making it significantly harder for anyone to extract information from their devices. The feature gained attention after reportedly thwarting attempts by law enforcement, including the FBI, to access iPhones during investigations. This highlights the ongoing battle between personal privacy and law enforcement access to digital data, raising important questions about the balance between security and individual rights.

Feb 6, 2026

DKnife Linux toolkit hijacks router traffic to spy, deliver malware

BleepingComputer

The DKnife toolkit has been in use since 2019, allowing attackers to hijack traffic from edge devices to spy on users and deliver malware. This toolkit targets routers and other network devices, making it a significant threat to both individuals and organizations that rely on these systems for internet connectivity. By intercepting data, attackers can monitor communications and potentially steal sensitive information. The ongoing use of DKnife illustrates the persistent risks posed by advanced cyber espionage techniques. Users and companies need to be vigilant about securing their network devices to prevent such intrusions.

Feb 6, 2026

CISA warns of SmarterMail RCE flaw used in ransomware attacks

BleepingComputer

The Cybersecurity & Infrastructure Security Agency (CISA) has issued a warning regarding a serious vulnerability, identified as CVE-2026-24423, in SmarterMail. This flaw allows for unauthenticated remote code execution (RCE), which means attackers could potentially take control of affected systems without needing any prior authentication. This vulnerability has already been leveraged in ransomware attacks, posing significant risks to users and organizations running SmarterMail. Users are urged to take immediate action to secure their systems, as the flaw could lead to severe data breaches and operational disruptions. The urgency of this warning stems from the active exploitation of the flaw in the wild, highlighting the need for prompt remediation.

Feb 6, 2026