Summary: A series of NPM packages used for blockchain development have been compromised to deliver information-stealing malware, as reported by Sonatype. The hijacked packages, which have been part of the NPM registry for years, contain obfuscated scripts capable of gathering sensitive information from users’ systems. Although some of the malicious updates have been removed, the potential impact on users remains significant due to the large number of downloads these packages have accumulated over time.
Affected: NPM packages for blockchain application development
Key points:
- Malicious updates were published for several popular NPM packages, including ‘bnb-javascript-sdk-nobroadcast’ and ‘country-currency-map’.
- The obfuscated scripts in the compromised packages can steal sensitive information like access tokens and API keys.
- The packages were possibly hijacked through the compromise of old maintainer accounts; some authors have yet to adopt two-factor authentication (2FA).
Source: https://www.securityweek.com/9-year-old-npm-crypto-package-hijacked-to-steal-information/