Binance Square
#npm

npm

20,399 views
28 Discussing
雪奈的白子
·
--
The Mist Fog Security Team has just detected a serious malicious npm supply-chain attack targeting npm users and DeFi developers ⚠️ According to MistEye detection by Mist Fog, this is a coordinated attack. The attackers deploy JavaScript information-stealing tools by creating fake transaction-bot code repositories and DeFi-themed npm packages. So far, 30 malicious npm packages have been identified, including stake-math@3.5.4. Of particular note, one repository, donoaccestag/forex-mt5-trading-bot, depends on this malicious package, and the repository has already generated around 2,300 highly homogeneous forks—most likely batch-generated by the attacker—primarily under the poly-stocks account. Once your device is compromised, the attacker can steal: 🔴 Crypto wallet private keys and seed phrases 🔴 Browser cookies and saved passwords 🔴 Developer credentials and SSH keys 🔴 Shell history and API tokens 🔴 Sensitive information such as password manager data **Developers need to take these protections immediately:** 1️⃣ Remove all affected npm packages 2️⃣ Audit package.json and package-lock.json as well as CI logs 3️⃣ Any system that has run npm install should be considered potentially compromised 4️⃣ Promptly rotate exposed sensitive information such as wallet keys, npm tokens, and cloud credentials 5️⃣ Rebuild the development environment from a clean image There is no small matter in security. Supply-chain attacks have become increasingly frequent in recent years, and all DeFi developers need to stay vigilant! #npm #慢雾 #Supply Chain Security
The Mist Fog Security Team has just detected a serious malicious npm supply-chain attack targeting npm users and DeFi developers ⚠️

According to MistEye detection by Mist Fog, this is a coordinated attack. The attackers deploy JavaScript information-stealing tools by creating fake transaction-bot code repositories and DeFi-themed npm packages. So far, 30 malicious npm packages have been identified, including stake-math@3.5.4.

Of particular note, one repository, donoaccestag/forex-mt5-trading-bot, depends on this malicious package, and the repository has already generated around 2,300 highly homogeneous forks—most likely batch-generated by the attacker—primarily under the poly-stocks account.

Once your device is compromised, the attacker can steal:
🔴 Crypto wallet private keys and seed phrases
🔴 Browser cookies and saved passwords
🔴 Developer credentials and SSH keys
🔴 Shell history and API tokens
🔴 Sensitive information such as password manager data

**Developers need to take these protections immediately:**
1️⃣ Remove all affected npm packages
2️⃣ Audit package.json and package-lock.json as well as CI logs
3️⃣ Any system that has run npm install should be considered potentially compromised
4️⃣ Promptly rotate exposed sensitive information such as wallet keys, npm tokens, and cloud credentials
5️⃣ Rebuild the development environment from a clean image

There is no small matter in security. Supply-chain attacks have become increasingly frequent in recent years, and all DeFi developers need to stay vigilant!

#npm #慢雾 #Supply Chain Security
The Mist Security Team has just issued an alert, detecting a coordinated malicious supply-chain attack targeting npm users and DeFi developers ⚠️ According to monitoring by MistEye, the attackers have deployed JavaScript information-stealing tooling via fake transaction-bot code repositories and DeFi-themed npm packages. So far, 30 malicious npm packages have been identified, including stake-math@3.5.4, which has already appeared in the lockfile dependencies of a public code repository. Even more concerning is that the related anomalous repositories have generated around 2,300 highly homogeneous forks—most likely mass-produced by the attacker—mainly under the poly-stocks account. If you get compromised, the attacker can steal your: 🔴 Crypto wallet private keys and mnemonic phrases 🔴 Browser cookies, saved passwords, and browsing history 🔴 Developer credentials, shell history, and password manager data 🔴 Sensitive information such as API tokens in the source code All developers are advised to take immediate action: 1️⃣ Remove the affected npm packages 2️⃣ Audit package.json / package-lock.json and CI logs 3️⃣ Check systems that have run npm install, and promptly replace any exposed keys and credentials 4️⃣ Rebuild the affected environment from a clean image Supply-chain attacks are no longer new, but targeted attacks against crypto developers are becoming increasingly frequent. Please strengthen your security awareness and check your dependencies in time ❗️ #npm #供应链安全 #DeFi安全
The Mist Security Team has just issued an alert, detecting a coordinated malicious supply-chain attack targeting npm users and DeFi developers ⚠️

According to monitoring by MistEye, the attackers have deployed JavaScript information-stealing tooling via fake transaction-bot code repositories and DeFi-themed npm packages. So far, 30 malicious npm packages have been identified, including stake-math@3.5.4, which has already appeared in the lockfile dependencies of a public code repository.

Even more concerning is that the related anomalous repositories have generated around 2,300 highly homogeneous forks—most likely mass-produced by the attacker—mainly under the poly-stocks account.

If you get compromised, the attacker can steal your:
🔴 Crypto wallet private keys and mnemonic phrases
🔴 Browser cookies, saved passwords, and browsing history
🔴 Developer credentials, shell history, and password manager data
🔴 Sensitive information such as API tokens in the source code

All developers are advised to take immediate action:
1️⃣ Remove the affected npm packages
2️⃣ Audit package.json / package-lock.json and CI logs
3️⃣ Check systems that have run npm install, and promptly replace any exposed keys and credentials
4️⃣ Rebuild the affected environment from a clean image

Supply-chain attacks are no longer new, but targeted attacks against crypto developers are becoming increasingly frequent. Please strengthen your security awareness and check your dependencies in time ❗️

#npm #供应链安全 #DeFi安全
🚨 Security Alert: 30 malicious npm packages disguised as trading bots, specifically stealing developer keys and mnemonic phrases! #npm #DeFi
🚨 Security Alert: 30 malicious npm packages disguised as trading bots, specifically stealing developer keys and mnemonic phrases! #npm #DeFi
Log in to explore more content
Join global crypto users on Binance Square
⚡️ Get latest and useful information about crypto.
💬 Trusted by the world’s largest crypto exchange.
👍 Discover real insights from verified creators.
Email / Phone number