The Mist Fog Security Team has just detected a serious malicious npm supply-chain attack targeting npm users and DeFi developers ⚠️
According to MistEye detection by Mist Fog, this is a coordinated attack. The attackers deploy JavaScript information-stealing tools by creating fake transaction-bot code repositories and DeFi-themed npm packages. So far, 30 malicious npm packages have been identified, including stake-math@3.5.4.
Of particular note, one repository, donoaccestag/forex-mt5-trading-bot, depends on this malicious package, and the repository has already generated around 2,300 highly homogeneous forks—most likely batch-generated by the attacker—primarily under the poly-stocks account.
Once your device is compromised, the attacker can steal:
🔴 Crypto wallet private keys and seed phrases
🔴 Browser cookies and saved passwords
🔴 Developer credentials and SSH keys
🔴 Shell history and API tokens
🔴 Sensitive information such as password manager data
**Developers need to take these protections immediately:**
1️⃣ Remove all affected npm packages
2️⃣ Audit package.json and package-lock.json as well as CI logs
3️⃣ Any system that has run npm install should be considered potentially compromised
4️⃣ Promptly rotate exposed sensitive information such as wallet keys, npm tokens, and cloud credentials
5️⃣ Rebuild the development environment from a clean image
There is no small matter in security. Supply-chain attacks have become increasingly frequent in recent years, and all DeFi developers need to stay vigilant!
#npm #慢雾 #Supply Chain Security