New Malware Threat Targets Popular Cryptocurrency Wallets
Cybersecurity experts have uncovered a risky malware campaign aimed at Ethereum, XRP, and Solana users. The attack primarily targets Atomic and Exodus wallets via compromised npm packages.
Developers unknowingly install these trojanized packages, which then scan for cryptocurrency wallets on the system. Once found, the malware injects code that intercepts and redirects transactions to attacker-controlled addresses.
Researchers identified "pdf-to-office" as a compromised package. It looks legitimate but contains hidden malicious code. This latest campaign shows an increase in attacks on crypto users through software supply chains.
The malware can redirect transactions across multiple cryptocurrencies, including Ethereum, Tron-based USDT, XRP, and Solana. ReversingLabs detected this by analyzing suspicious npm packages.
The infection process starts when the malicious package executes its payload, targeting wallet software. It searches for application files in specific paths, extracts the application archive, and injects malicious code.
The malware modifies transaction handling code, replacing legitimate wallet addresses with attacker-controlled ones using base64 encoding. Users have no visual indication that their transactions are compromised until they verify the blockchain transaction.
This attack can be devastating, as funds are sent to attackers without users' knowledge. It's crucial for developers and crypto users to stay vigilant and use trusted npm packages.
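For defenders, one way to check an extracted wallet application archive for the base64-encoded address replacement described above is to decode string literals in its JavaScript and flag any that decode to wallet-address-shaped text. This is an added example, not code from ReversingLabs or from the campaign; the function names, the address patterns and the sample lines are assumptions constructed for illustration.

```javascript
// Address shapes for the chains named in the article (best-effort labels:
// Tron and XRP are tested first because they also fit the Solana shape).
const ADDRESS_PATTERNS = {
  ethereum: /^0x[0-9a-fA-F]{40}$/,
  tron: /^T[1-9A-HJ-NP-Za-km-z]{33}$/,
  xrp: /^r[1-9A-HJ-NP-Za-km-z]{24,34}$/,
  solana: /^[1-9A-HJ-NP-Za-km-z]{32,44}$/,
};

// Quoted literals made only of base64 characters, long enough to hold an address.
const BASE64_LITERAL = /(["'`])([A-Za-z0-9+/]{32,}={0,2})\1/g;

function classifyAddress(text) {
  for (const [chain, pattern] of Object.entries(ADDRESS_PATTERNS)) {
    if (pattern.test(text)) return chain;
  }
  return null;
}

// Returns one finding per base64 literal that decodes to an address-like string.
function findEncodedAddresses(source) {
  const findings = [];
  source.split("\n").forEach((lineText, index) => {
    for (const match of lineText.matchAll(BASE64_LITERAL)) {
      const literal = match[2];
      if (literal.length % 4 !== 0) continue; // not well-formed base64
      const decoded = Buffer.from(literal, "base64").toString("latin1");
      const chain = classifyAddress(decoded);
      if (chain) findings.push({ line: index + 1, chain, literal });
    }
  });
  return findings;
}

// Constructed sample input: a placeholder address (not a real one) and a
// benign base64 string, standing in for lines of extracted wallet code.
const PLACEHOLDER = "0x" + "1".repeat(40);
const BENIGN = "this is an ordinary configuration string";
const SAMPLE = [
  'const fee = "standard";',
  `tx.to = atob("${Buffer.from(PLACEHOLDER).toString("base64")}");`,
  `const note = "${Buffer.from(BENIGN).toString("base64")}";`,
].join("\n");

console.log(findEncodedAddresses(SAMPLE));
```

A hit is a lead for manual review rather than proof of tampering; comparing the installed archive's hash against a copy from the vendor's official download is the stronger check.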