Socket: Malicious npm packages targeting BSC and Ethereum users discovered, stealing crypto wallet assets.

According to Foresight News, the Socket threat research team has released a report saying it found four malicious npm packages that target BSC and Ethereum users to steal their crypto wallet assets. The four packages are pancakeuniswapvalidatorsutilssnipe (350 downloads), pancakeswap-oracle-prediction (445 downloads), ethereum-smart-contract (305 downloads), and env-process (1054 downloads), for a total of over 2,100 downloads. The attacker uses obfuscated JavaScript code to steal 80%-85% of the target's wallet balance and send it to an address they control. The packages were written by the same actor and date back 3-4 years. Socket recommends that developers adopt automated dependency scanning and secure credential management to prevent such attacks. Foresight News Note: npm packages are JavaScript packages managed through npm (Node Package Manager). npm is Node.js's default package manager, used for installing, sharing, and managing JavaScript projects' dependencies and codebases.
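A minimal form of the dependency check Socket recommends, as an added example that is not from the Socket report or the original article: it walks a parsed package-lock.json and flags the four package names listed above. The function name, the separator-insensitive matching and the sample lockfile are assumptions made for illustration.

```javascript
// Package names exactly as printed in the article above.
const FLAGGED = ["pancakeuniswapvalidatorsutilssnipe", "pancakeswap-oracle-prediction",
  "ethereum-smart-contract", "env-process"];
// Assumption: compare names with case, '-' and '_' ignored, so a name whose
// separators were lost when the article was rendered still matches.
const norm = (name) => name.toLowerCase().replace(/[-_]/g, "");
const FLAGGED_NORM = new Set(FLAGGED.map(norm));

// Walk a parsed package-lock.json and return every flagged entry.
// Handles lockfileVersion 2/3 ("packages" map keyed by install path)
// and lockfileVersion 1 (nested "dependencies" objects).
function findFlaggedPackages(lock) {
  const hits = [];
  const seen = new Set(); // v2 lockfiles list each package in both sections
  const record = (name, version, where) => {
    const key = `${where}@${version}`;
    if (FLAGGED_NORM.has(norm(name)) && !seen.has(key)) {
      seen.add(key);
      hits.push({ name, version: version || "unknown", where });
    }
  };
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // root project entry
    // "node_modules/a/node_modules/b" -> "b"; meta.name is set for aliased installs
    const i = path.lastIndexOf("node_modules/");
    const name = meta.name || (i >= 0 ? path.slice(i + 13) : path);
    record(name, meta.version, path);
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const where = [...trail, name].map((n) => `node_modules/${n}`).join("/");
      record(name, meta.version, where);
      walk(meta.dependencies, [...trail, name]);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile (versions are placeholders, not from the report).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/express": { version: "4.18.2" },
    "node_modules/env-process": { version: "0.0.0-sample" },
    "node_modules/some-tool/node_modules/ethereum-smart-contract": { version: "0.0.0-sample" },
  },
};
console.log(findFlaggedPackages(SAMPLE_LOCK));
```

To check a real project, pass the function the parsed contents of that project's package-lock.json.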
