SlowMist: npm ecosystem hit by 30 malicious package attacks, developer credentials and private keys at risk of theft
CoinFeed July 1 news, according to SlowMist security alert, its monitoring system discovered a coordinated malicious supply chain attack targeting the npm ecosystem. Attackers planted JavaScript information stealers by forging trading bot repositories and DeFi-themed npm packages, involving 30 malicious npm packages, among which stake-math@3.5.4 appeared as a lock dependency in the donoaccestag/forex-mt5-trading-bot repository. The repository exhibits obvious abnormal signals, with approximately 23,000 highly homogenized forked repositories concentrated under the poly-stocks account. Attackers can steal local sensitive data such as crypto wallets, browser cookies, passwords, developer credentials, private keys, mnemonic phrases, and API tokens in source code.