Packages
-
Blog
Malicious npm packages target Ethereum developers’ private keys
Twenty malicious packages impersonating the Hardhat development environment used by Ethereum developers are targeting private keys and other sensitive data. Collectively, the malicious packages have recorded more than one thousand downloads, researchers say. Narrow targeting campaign Hardhat is a widely used Ethereum development environment maintained by the Nomic Foundation. It is used for developing, testing, and deploying smart contracts and decentralized…
Read More » -
Blog
Malicious Rspack, Vant packages published using stolen NPM tokens
Three popular npm packages, @rspack/core, @rspack/cli, and Vant, were compromised through stolen npm account tokens, allowing threat actors to publish malicious versions that installed cryptominers. The supply chain attack, spotted by both Sonatype and Socket researchers, deployed the XMRig cryptocurrency miner on compromised systems for mining the hard-to-trace Monero privacy cryptocurrency. Additionally, Sonatype discovered that all three npm packages fell…
Read More » -
Blog
How to Make Sure Your Packages Don’t Get Stolen
Contact the Retailer. Retailers have different policies on handling package thefts. Some, such as Target, have fine-print clauses saying the risk of loss passes to the buyer when the purchase is delivered to the shipping company. Still, it doesn’t hurt to ask. According to our survey, this is the most common action that victims take, with 58 percent of Americans…
Read More »
