Largest supply chain attack in history targets crypto users through compromised JavaScript packages
A new cyberattack is silently targeting crypto from users during transactions amid an incident that security researchers describe as the largest supply chain attack in history.
BleepingComputer reported that hackers compromised NPM package maintainer accounts through phishing emails and injected malware that steals crypto.
The attack targeted JavaScript developers with fraudulent emails appearing to originate from “[email protected],” an impersonated domain mimicking the legitimate NPM registry.
The phishing messages warned maintainers that their accounts would be locked on Sept. 10, unless they updated their two-factor authentication credentials through a malicious link.
Attackers successfully compromised 18 widely-used JavaScript…
