Threat Actors Hijack Legitimate Crypto Packages to Inject Malicious Code
Cybersecurity researchers have uncovered a sophisticated malware campaign targeting cryptocurrency users through compromised npm packages.
The attack specifically targets users of Atomic and Exodus wallets, hijacking transactions by injecting malicious code that redirects funds to attacker-controlled addresses.
This latest campaign represents an escalation in the ongoing targeting of cryptocurrency users through software supply chain attacks.
.png
)
The attack begins when developers unknowingly install compromised npm packages in their projects.
One such package identified in this campaign is “pdf-to-office,” which appears legitimate but contains hidden malicious functionality.
Once installed,…
