18 Popular Code Packages Hacked, Rigged to Steal CryptoSeptember 8, 2025

Condobloke

Well-Known Member
Joined
Apr 30, 2017
Messages
13,328
Reaction score
11,286
Credits
95,827
((This post concerns JavaScript code packages, which were the subject of a thread/post made here recently...

https://www.linux.org/threads/recent-firefox-update-javascript-no-longer-running.57967/ ))



At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The attack appears to have been quickly contained and was narrowly focused on stealing cryptocurrency. But experts warn that a similar attack with a slightly more nefarious payload could lead to a disruptive malware outbreak that is far more difficult to detect and restrain.



September 8, 2025


npmjshelp.png

This phishing email lured a developer into logging in at a fake NPM website and supplying a one-time token for two-factor authentication. The phishers then used that developer’s NPM account to add malicious code to at least 18 popular JavaScript code packages.

Read more
 
Last edited:


;) Some duplication there, Brian

Wiz
 


Follow Linux.org

Members online


Latest posts

Top