2025-01-09 02:42:46 Pacfic
Malicious NPM Packages Target Ethereum Devs - 2d
Ethereum developers are being targeted by a supply chain attack involving malicious npm packages designed to look like legitimate Hardhat plugins. These fake packages, with names closely resembling real ones, are being used to steal sensitive data, including private keys and mnemonics. Researchers have identified at least 20 of these malicious packages, which have collectively been downloaded over 1,000 times. The attack exploits trust in the open-source ecosystem, specifically within the npm registry. Once installed, the malicious packages use Hardhat runtime functions to collect sensitive information and transmit it to attacker-controlled endpoints.
The attackers are using Ethereum smart contracts to store and distribute Command & Control (C2) server addresses, making it more difficult to disrupt their infrastructure. This strategy, combined with using hardcoded keys and Ethereum addresses, enables efficient data exfiltration. The campaign is attributed to a Russian-speaking threat actor known as "_lain." The compromised development environments could lead to backdoors in production systems and significant financial losses for affected developers. Developers are urged to verify package authenticity, inspect source code, and exercise caution when using package names.
ImgSrc: blogger.googleusercontent.com
References:
- CISO2CISO.COM & CYBER SECURITY GROUP - Malicious npm packages target Ethereum developers – Source: securityaffairs.com - 2d
- Security Affairs - Malicious npm packages target Ethereum developers - 2d
- The Hacker News - Cybercriminals Target Ethereum Developers with Fake Hardhat npm Packages - 2d
- ciso2ciso.com - Malicious npm packages target Ethereum developers – Source: securityaffairs.com - 2d
- gbhackers.com - Malicious npm Packages Stealing Developers’ Sensitive Data - 1d
- osint10x.com - Russian-Speaking Attackers Target Ethereum Devs with Fake Hardhat npm Packages - 1d
- Osint10x - Russian-Speaking Attackers Target Ethereum Devs with Fake Hardhat npm Packages - 1d
- GBHackers Security | #1 Globally Trusted Cyber Security News Platform - Malicious npm Packages Stealing Developers’ Sensitive Data - 1d
Classification:
- HashTags: Ethereum npm SupplyChainAttack
- Company: Ethereum
- Target: Ethereum Developers
- Product: Ethereum
- Feature: Supply Chain Attack
- Type: Hack
- Severity: Major