Microsoft has warned that attackers hid crypto-stealing malware inside public npm packages, creating a fresh risk for developers, crypto investors and wallet users.
Summary
- Microsoft says npm packages deploy RAT malware that quietly steals crypto wallet credentials from devices.
- Attackers used Hugging Face repos to move stolen data while avoiding suspicious server traffic logs.
- Crypto.news coverage links Microsoft’s warning to wider supply-chain attacks hitting developers and crypto wallet tools.
Microsoft Flags Poisoned npm Packages
Microsoft Threat Intelligence said two compromised npm packages, [email protected] and [email protected], were “abusing…
