Atomic and Exodus crypto wallets targeted in malicious npm campaign

SUMMARY :

Threat actors are employing new techniques to target the cryptocurrency community by uploading packages to popular open source repositories that apply malicious 'patches' to local versions of legitimate libraries. A recent campaign launched on April 1 published a package called 'pdf-to-office' on npm, which injected malicious code into locally installed Atomic Wallet and Exodus crypto wallet software. This attack overwrote existing files, allowing attackers to swap out intended wallet destination addresses with their own. The malicious package was designed to target specific versions of the wallets and included persistence mechanisms. This campaign is part of a larger trend of sophisticated software supply chain attacks targeting the cryptocurrency industry, highlighting the need for improved monitoring and security measures in both commercial and open-source software.

OPENCTI LABELS :

cryptocurrency,software supply chain,persistence,npm,exodus,atomic,patching,wallet


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Atomic and Exodus crypto wallets targeted in malicious npm campaign