Injective SDK on npm infected with cryptocurrency wallet stealer
Overview
Hackers have compromised the GitHub repository of the Injective Labs SDK project and used it to distribute a malicious package on npm, the Node Package Manager. This malicious package is designed to steal private keys and mnemonic seed phrases from users' cryptocurrency wallets. Developers and users who downloaded the affected package could find their digital assets at risk. This incident raises significant concerns about the security of open-source projects and the potential for similar attacks on other repositories. Users are urged to be cautious and verify the integrity of packages before installation to protect their cryptocurrency holdings.
Key Takeaways
- Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
- Affected Systems: Injective SDK, npm users, cryptocurrency wallets
- Action Required: Users should avoid downloading or using the compromised package and verify the authenticity of packages from open-source repositories.
- Timeline: Newly disclosed
Original Article Summary
Hackers compromised the Injective Labs SDK project's GitHub repository and used it to publish a malicious package on the Node Package Manager (npm) that stole cryptocurrency wallet private keys and mnemonic seed phrases. [...]
Impact
Injective SDK, npm users, cryptocurrency wallets
Exploitation Status
This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.
Timeline
Newly disclosed
Remediation
Users should avoid downloading or using the compromised package and verify the authenticity of packages from open-source repositories. Regularly check for updates and security advisories related to the Injective SDK.
Additional Information
This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.
Related Topics: This incident relates to Malware.