Tag: software supply chain

5 Attack Reports | 0 Vulnerabilities

Attack reports

Atomic and Exodus crypto wallets targeted in malicious npm campaign

A malicious npm package named pdf-to-office was discovered targeting cryptocurrency wallets. The package, posing as a PDF to Office converter, injects malicious code into locally installed Atomic and Exodus wallets. This attack modifies legitimate files to redirect crypto funds to the attacker's wa…
cryptocurrency
persistence
npm
atomic
software supply chain
exodus
patching
2025-04-10
wallet
2025-04-14
trojanized code
atomic wallet
Published: April 14, 2025
Downloadable IOCs: 1

Operation Phantom Circuit: North Korea's Global Data Exfiltration Campaign

In December 2024, the Lazarus Group, a North Korean threat actor, launched a sophisticated global campaign targeting cryptocurrency and technology developers. The operation, code-named 'Phantom Circuit,' involved embedding malware into trusted development tools, compromising hundreds of victims wor…
north korea
cryptocurrency
data exfiltration
software supply chain
command-and-control
2025-01-30
phantom circuit
Published: January 30, 2025
Downloadable IOCs: 13

A new playground: Malicious campaigns proliferate from VSCode to npm

This intelligence details the emergence of malicious campaigns spreading from VSCode to npm. Researchers observed an increasing amount of malicious activity in VSCode Marketplace, with threat actors using npm packages to inject malicious code into VSCode IDE. The campaign initially targeted the cry…
obfuscation
npm
downloader
crypto
software supply chain
2024-12-19
zoom
malicious extensions
vscode
Published: December 19, 2024
Downloadable IOCs: 2

Malicious PyPI crypto pay package aiocpa implants infostealer code

ReversingLabs detected a malicious package named 'aiocpa' on PyPI, engineered to compromise cryptocurrency wallets. Unlike typical attacks, the actors published their own crypto client tool to attract users before compromising them through a malicious update. The package appeared legitimate, with m…
obfuscation
infostealer
cryptocurrency
pypi
machine learning
software supply chain
2024-11-29
threat hunting
Published: November 29, 2024
Downloadable IOCs: 0

Tenacious Pungsan: A DPRK threat actor linked to Contagious Interview

Datadog Security Research discovered three malicious npm packages: passports-js, bcrypts-js, and blockscan-api, containing BeaverTail malware associated with North Korean threat actors. The packages, downloaded 323 times, targeted job-seekers in the US tech industry through a campaign named Contagi…
infostealer
cryptocurrency
npm
dprk
beavertail
contagious interview
2024-10-25
invisibleferret
software supply chain
namesquatting
Published: October 25, 2024
Downloadable IOCs: 1
Click here to see more Attack Reports