Crypto malware silently steals ETH, XRP, SOL from wallets
Cybersecurity researchers have shared details of a malware campaign targeting Ethereum, XRP, and Solana.
The attack mainly targets Atomic and Exodus wallet users through compromised node package manager (NPM) packages.
It then redirects transactions to attacker-controlled addresses without the wallet owner’s knowledge.
The attack begins when developers unknowingly install trojanized npm packages in their projects. Researchers identified “pdf-to-office” as a compromised package that appears legitimate but contains hidden malicious code.
Once installed, the package scans the system for installed cryptocurrency wallets and injects malicious code that intercepts transactions.
