Crypto Holders Beware! New Malware Drains ETH, SOL, XRP Wallets
Malware operations targeting holders of Ethereum, XRP, and Solana cryptocurrencies have been exposed by cybersecurity researchers. The threat attacks Atomic and Exodus wallet owners by using compromised software packages installed by developers unaware of the malware contained in the code.
Once running on a victim's machine, the malware redirects outgoing cryptocurrency to attacker-held addresses while the wallet shows its owner nothing unusual.
How The Attack Works
Researchers say the attack starts when developers unwittingly pull malicious node package manager (NPM) packages into their projects. One such package, named “pdf-to-office”, looks legitimate on the surface but conceals malicious code.
Once installed, the package searches the computer for installed crypto wallets and injects code that intercepts outgoing transactions. This lets the criminals steal funds without the user’s knowledge or consent.
Multiple Cryptocurrencies At Risk
Security researchers have concluded that the malware can divert transactions in several of the world’s leading cryptocurrencies: Ethereum, USDT, XRP and Solana. The researchers describe the attack as “an escalation in the ongoing targeting of cryptocurrency users through software supply chain attacks.”
Technical Details Reveal Sophisticated Methods
ReversingLabs discovered the campaign while scanning for suspicious NPM packages. Their analysis turned up several warning signs, including suspicious URL associations and code structures matching known threats.
The attack is multi-stage and uses evasion techniques against security tooling. Infection begins when the malicious package runs code that targets wallet software on the victim’s machine: it looks for the wallet applications’ files in a set of predetermined paths and, where it finds them, injects its malicious code.
No Visual User Warning Signs
According to reports, the effect of this malware can be catastrophic because transactions look entirely normal in the wallet interface. The injected code swaps the legitimate recipient address for an attacker-controlled one, which it keeps in base64-encoded form so that no plain-text address appears in the patched files.
For instance, when a user attempts to send ETH, the malware replaces the recipient with the attacker’s ETH address, decoded from its stored form at the moment the transaction is built. Users have no visual clue that anything is wrong until they check the blockchain record afterwards and find that the funds went to an unexpected address.
The threat is particularly damaging because wallet owners may not realise their transactions are being hijacked until the funds are already gone. The method is one more sign of how attackers keep finding new ways to steal digital assets.
Cryptocurrency users should verify every transaction address carefully. Because this malware substitutes the address after the wallet has displayed it, a check performed inside the same patched application cannot be trusted; confirming the destination on a hardware wallet’s own screen or in the blockchain record is the reliable test. Developers should also vet the provenance and contents of any package they install in cryptocurrency-related projects.
Featured image from Enterprise Networking Planet, chart from TradingView
Original source
Read on NewsBTC