World cryptocurrency wallets at risk after attacks on JavaScript

3 Min Read

Attacks on the software supply chain are underway, shaking the cryptocurrency ecosystem through JavaScript. According to a group of computer vulnerability researchers writing under the name JDSTAERK, countless NPM development packages (Node packages) have been subject to malicious updates.

The researchers reportedly discovered that the developer account known as “qix” was compromised, which allowed malicious code to be distributed through tools that accumulate over 47 million downloads every week. Although the attack primarily affects JavaScript developers across the Internet, it can indirectly affect end users and compromise cryptocurrency wallets.

The incident comes from the NPM repository, a platform that houses open source packages that are essential for developing JavaScript applications.

These packages are used in thousands of projects around the world and are common dependencies for servers and web applications. The compromised account reportedly allowed the attacker to publish modified versions of popular packages, introducing malicious code designed to stealthily steal cryptocurrency funds.

According to an analysis posted on the jdstaerk.substack.com blog, the malware activates specifically when it detects the presence of cryptocurrency wallets such as MetaMask.

The malicious code works in two phases. If no wallet is found, it attempts a passive attack that sends data to an external server. The real risk, however, arises when it detects an active wallet. In that scenario, the malware intercepts communication between the wallet and the user and manipulates transactions in real time from the operating system clipboard.

Researchers explain the fraudulent process in more detail.

When a user starts a transaction (for example, eth_sendTransaction), the malware intercepts the data before it is sent to the wallet for signature. It then changes the transaction in memory and replaces the legitimate recipient address with the attacker's address. The manipulated transaction is passed to the user’s wallet for approval. If the user does not meticulously check the address on the confirmation screen, they sign a transaction that sends funds directly to the attacker.

JDSTAERK, group of researchers.

Although end users are not the direct target, the ubiquitous presence of these packages in software projects amplifies the risk. This is not mentioned directly in the JDSTAERK analysis.


Charles Guillemet, CTO of Ledger, who echoed the news, warns that only users who use hardware wallets and can perform visible, secure signing processes are safe from this software supply chain attack.
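
The check that defeats the recipient swap described above is a comparison between the transaction the user intended and the one actually presented for signing. The following is an added example, not code from the JDSTAERK analysis or from any wallet vendor; the function names and placeholder addresses are constructed, and it goes beyond the article by also decoding the recipient of an ERC-20 transfer. It assumes the comparison runs in a trusted context outside the compromised page, since code sharing a context with the malware can itself be tampered with.

```javascript
// Added example (not from the JDSTAERK analysis). Helper names are hypothetical.
// Assumption: this runs in a trusted context outside the compromised page.
const TRANSFER_SELECTOR = "a9059cbb"; // ERC-20 transfer(address,uint256)
const strip0x = (h) => String(h ?? "").toLowerCase().replace(/^0x/, "");

// Normalize a 20-byte address to lowercase hex, rejecting anything else.
function normAddress(addr) {
  const hex = strip0x(addr);
  if (!/^[0-9a-f]{40}$/.test(hex)) throw new Error(`bad address: ${addr}`);
  return hex;
}

// Work out where the funds really go. For an ERC-20 transfer the recipient
// is encoded in the calldata; tx.to is only the token contract.
function effectiveTransfer(tx) {
  const data = strip0x(tx.data);
  if (data.startsWith(TRANSFER_SELECTOR) && data.length === 8 + 64 + 64) {
    const addrArg = data.slice(8, 72);
    if (!addrArg.startsWith("0".repeat(24))) throw new Error("bad address argument");
    return { contract: normAddress(tx.to), recipient: normAddress(addrArg.slice(24)),
             amount: BigInt("0x" + data.slice(72)), calldata: "" };
  }
  // Plain transfer or unrecognized call: compare the raw calldata as well.
  return { contract: "", recipient: normAddress(tx.to),
           amount: BigInt(tx.value ?? "0x0"), calldata: data };
}

// Return the names of every field that differs between the transaction the
// user intended and the one presented for signing (empty array = match).
function diffTransaction(intended, presented) {
  const a = effectiveTransfer(intended);
  const b = effectiveTransfer(presented);
  return ["contract", "recipient", "amount", "calldata"].filter((k) => a[k] !== b[k]);
}

// Constructed sample data: placeholder addresses, not real accounts.
const USER_DEST = "0x" + "aa".repeat(20);
const OTHER_DEST = "0x" + "bb".repeat(20);
const TOKEN = "0x" + "cc".repeat(20);
const erc20 = (dest) => ({ to: TOKEN, data: "0x" + TRANSFER_SELECTOR +
  strip0x(dest).padStart(64, "0") + (1000n).toString(16).padStart(64, "0") });

console.log(diffTransaction({ to: USER_DEST, value: "0x1" }, { to: OTHER_DEST, value: "0x1" }));
console.log(diffTransaction(erc20(USER_DEST), erc20(OTHER_DEST)));
```

In the token case `tx.to` is unchanged by a swap, so a check that only looks at the `to` field would miss it.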
