Binance Square
#慢雾

慢雾

311 views
4 Discussing
雪奈的白子
·
--
The Mist Fog Security Team has just detected a serious malicious npm supply-chain attack targeting npm users and DeFi developers ⚠️ According to MistEye detection by Mist Fog, this is a coordinated attack. The attackers deploy JavaScript information-stealing tools by creating fake transaction-bot code repositories and DeFi-themed npm packages. So far, 30 malicious npm packages have been identified, including stake-math@3.5.4. Of particular note, one repository, donoaccestag/forex-mt5-trading-bot, depends on this malicious package, and the repository has already generated around 2,300 highly homogeneous forks—most likely batch-generated by the attacker—primarily under the poly-stocks account. Once your device is compromised, the attacker can steal: 🔴 Crypto wallet private keys and seed phrases 🔴 Browser cookies and saved passwords 🔴 Developer credentials and SSH keys 🔴 Shell history and API tokens 🔴 Sensitive information such as password manager data **Developers need to take these protections immediately:** 1️⃣ Remove all affected npm packages 2️⃣ Audit package.json and package-lock.json as well as CI logs 3️⃣ Any system that has run npm install should be considered potentially compromised 4️⃣ Promptly rotate exposed sensitive information such as wallet keys, npm tokens, and cloud credentials 5️⃣ Rebuild the development environment from a clean image There is no small matter in security. Supply-chain attacks have become increasingly frequent in recent years, and all DeFi developers need to stay vigilant! #npm #慢雾 #Supply Chain Security
The Mist Fog Security Team has just detected a serious malicious npm supply-chain attack targeting npm users and DeFi developers ⚠️

According to MistEye detection by Mist Fog, this is a coordinated attack. The attackers deploy JavaScript information-stealing tools by creating fake transaction-bot code repositories and DeFi-themed npm packages. So far, 30 malicious npm packages have been identified, including stake-math@3.5.4.

Of particular note, one repository, donoaccestag/forex-mt5-trading-bot, depends on this malicious package, and the repository has already generated around 2,300 highly homogeneous forks—most likely batch-generated by the attacker—primarily under the poly-stocks account.

Once your device is compromised, the attacker can steal:
🔴 Crypto wallet private keys and seed phrases
🔴 Browser cookies and saved passwords
🔴 Developer credentials and SSH keys
🔴 Shell history and API tokens
🔴 Sensitive information such as password manager data

**Developers need to take these protections immediately:**
1️⃣ Remove all affected npm packages
2️⃣ Audit package.json and package-lock.json as well as CI logs
3️⃣ Any system that has run npm install should be considered potentially compromised
4️⃣ Promptly rotate exposed sensitive information such as wallet keys, npm tokens, and cloud credentials
5️⃣ Rebuild the development environment from a clean image

There is no small matter in security. Supply-chain attacks have become increasingly frequent in recent years, and all DeFi developers need to stay vigilant!

#npm #慢雾 #Supply Chain Security
Log in to explore more content
Join global crypto users on Binance Square
⚡️ Get latest and useful information about crypto.
💬 Trusted by the world’s largest crypto exchange.
👍 Discover real insights from verified creators.
Email / Phone number