Stealth Crypto Malware Drains ETH, XRP, and SOL via Trojanized NPM Packages

Image: Visualization of malware stealing Ethereum, XRP, and Solana from user wallets

Malware Campaign Steals Crypto Wallet Transactions

Security researchers have uncovered a stealthy malware campaign that is draining Ethereum (ETH), XRP, and Solana (SOL) from user wallets. The attack abuses Node Package Manager (NPM) packages, mainly targeting developers who unknowingly install compromised dependencies. Once executed, the malware silently reroutes crypto transactions to attacker-controlled wallets.

Atomic and Exodus Wallets at Risk

The attack primarily targets Atomic and Exodus wallet users. The malware spreads through packages like “pdf-to-office,” which appear authentic but conceal dangerous scripts. Upon installation, the package searches the user’s system for cryptocurrency wallets and injects code to record outgoing transactions.

How the Infection Spreads

The attack begins when developers add infected packages to their projects. The trojanized packages contain obfuscated payloads designed to fly under the radar. Upon launching, the malware searches for wallet programs in their usual file locations. Once it identifies Exodus or Atomic, it injects code that silently steals crypto transactions without alerting users.

Targeting Multiple Blockchains

“This latest campaign is a rise in the ongoing exploitation of cryptocurrency users through software supply chain attacks,” analysts commented. The malware intercepts Ethereum, Tron-based USDT, XRP, and Solana transactions. This broad targeting increases the risk to users across leading blockchain environments.

Advanced Evasion Techniques

Security firm ReversingLabs discovered the campaign through its ongoing monitoring of malicious NPM activity. The malware uses advanced evasion techniques, such as suspicious URL strings and behaviors similar to those of known malware families. With a multi-stage infection process and a low system footprint, it is able to remain stealthy and drain crypto assets over time.


Developers and Users Vulnerable

The campaign highlights the growing risk of software supply chain attacks in the cryptocurrency world. Developers should vet their dependencies and audit packages for malicious code. Wallet users must update their software regularly and review their transaction history for suspicious activity.
