Security Alert: Another well-known developer's NPM account has been compromised and injected with wallet-stealing malware
BlockBeats News, on September 9, according to Socket monitoring, the ongoing NPM supply chain attack has spread from the well-known developer Qix to another high-profile maintainer. The NPM account duckdb_admin, responsible for DuckDB-related packages, has been compromised, and multiple malicious versions have been published. The injected code is the same wallet-stealing malware used during the Qix account breach, strongly indicating that both incidents are part of the same attack operation.
As previously reported, the Ledger CTO stated that a large-scale supply chain attack has occurred, and the entire JavaScript ecosystem could be at risk. However, the NPM attackers did not succeed, and there were almost no victims.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
US Republican lawmaker: Milan may not make it to next week's Federal Reserve meeting
DuckDB confirms its Node.js and Wasm packages were compromised in an npm supply chain attack
Data: Stablecoin companies accounted for about 25% of total crypto fundraising in Q3
Trump: Trade negotiations with India are ongoing
Trending news
MoreCrypto prices
More
