After a JavaScript developer's NPM account was compromised in a phishing attack, attackers used it to upload malicious versions of heavily used JavaScript color and debugging libraries, as well as simple utilities that do things like <code>strip-ansi</code> or determine if a variable <code>is-arrayish</code>. Altogether, the packages get around two billion downloads per week, and the compromise is being called the "largest supply chain attack in history".<p>Once the malicious code is injected, it then intercepts network traffic and API calls, scanning for cryptocurrency transactions across numerous blockchains. When a network request is made to transfer crypto, the malicious code intercepts it and replaces the destination with wallets controlled by the attackers.</p><p>Various prominent people in crypto have warned about the attack, with Ledger CTO Charles Guillemet tweeting: "If you use a <button class="define-target" id="hardware-wallet">hardware wallet</button>, pay attention to every transaction before signing and you're safe. If you don't use a hardware wallet, refrain from making any on-chain transactions for now."</p>

"Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack"

Archived tweet

Tweet by Charles Guillemet:

Tweet #1

Links: