Skip to main content

Posts

Latest News

Malicous npm package exploit crypto wallets

Experts have found a malicious npm package that consists of stealthy features to deploy malicious code into pc apps targeting crypto wallets such as Exodus and Atomic.  About the package Termed as “nodejs-smtp,” the package imitates the genuine email library nodemailer with the same README descriptions, page styling, and tagline, bringing around 347 downloads since it was uploaded to the npm registry earlier this year by a user “nikotimon.”  It is not available anymore. Socket experts Krill Boychenko said , "On import, the package uses Electron tooling to unpack Atomic Wallet's app.asar, replace a vendor bundle with a malicious payload, repackage the application, and remove traces by deleting its working directory.” What is the CIS build kit? The aim is to overwrite the recipient address with hard-coded wallets handled by a cybercriminal. The package delivers by working as an SMTP-based mailer while trying to escape developers’ attention.  This has surfaced after Reversin...

Latest Posts

Google to Confirm Identity of Every Android App Developer

Cybersecurity Breach Leads to Major Disruption at Jaguar Land Rover

Zscaler Confirms Exposure in Salesloft-Linked Data Breach

Malicious Go Package Disguised as SSH Tool Steals Credentials via Telegram

Data I/O Ransomware Attack Exposes Vulnerability in Global Electronics Supply Chain

Beware of SIM swapping attacks, your phone is at risk

Business and IT Leaders Diverge on Cloud and Security Priorities

New Forensic System Tracks Ghost Guns Made With 3D Printing Using SIDE

India's Biggest Cyber Fraud: Businessman Duped of ₹25 Crore Through Fake Trading App

Password Managers Face Clickjacking Flaw, Millions of Users at Risk