Security Alert: Another well-known developer's NPM account has been compromised and injected with wallet-stealing malware
BlockBeats News, on September 9, according to Socket monitoring, the ongoing NPM supply chain attack has spread from the well-known developer Qix to another high-profile maintainer. The NPM account duckdb_admin, responsible for DuckDB-related packages, has been compromised, and multiple malicious versions have been published. The injected code is the same wallet-stealing malware used during the Qix account breach, strongly indicating that both incidents are part of the same attack operation.
As previously reported, the Ledger CTO stated that a large-scale supply chain attack has occurred, and the entire JavaScript ecosystem could be at risk. However, the NPM attackers did not succeed, and there were almost no victims.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
U.S. stocks continue to decline, with the S&P 500 Index down 0.7%
Data: A total of 5.9962 million ASTER were transferred into Aster, valued at approximately $4.7065 million.
Data: 159,800 LINK transferred from a certain exchange to Grayscale, worth approximately $2.05 million
Trending news
MoreCrypto prices
More
