Tech »  Topic »  18 Popular Code Packages Hacked, Rigged to Steal Crypto

18 Popular Code Packages Hacked, Rigged to Steal Crypto

2 days ago   krebsonsecurity.com

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The attack appears to have been quickly contained and was narrowly focused on stealing cryptocurrency. But experts warn that a similar attack with a slightly more nefarious payload could quickly lead to a disruptive malware outbreak that is far more difficult to detect and restrain.

This phishing email lured a developer into logging in at a fake NPM website and supplying a one-time token for two-factor authentication. The phishers then used that developer’s NPM account to add malicious code to at least 18 popular JavaScript code packages.

Akido is a security firm in Belgium that monitors new code updates to major open-source code repositories, scanning any code updates for suspicious and malicious code. In ...


Copyright of this story solely belongs to krebsonsecurity.com . To see the full text click HERE