
Threat actors are injecting malicious codes into legitimate crypto projects

Malicious actors are injecting malicious code into legitimate projects to steal digital assets from unsuspecting users. According to reports, cybersecurity researchers have uncovered a sophisticated malware campaign targeting crypto users through compromised npm packages.

The attack specifically targets users of the Atomic and Exodus wallets: the attacker hijacks transactions by injecting malicious code that redirects funds to the attacker's wallet. The campaign continues an ongoing series of software supply chain attacks against crypto users.

The attack enters through developers, most of whom unknowingly install the compromised npm packages in their projects. One package identified in this campaign is "pdf-to-office", which looks legitimate but contains hidden malicious code. Once installed, the package scans the user's device for installed crypto wallets and injects code capable of intercepting and redirecting transactions without the user's knowledge.

Cybersecurity researchers flag malicious code targeting crypto wallets

The impact on victims is severe: the malicious code silently redirects crypto transactions to wallets controlled by the attacker. The attack works across several digital assets, including Ethereum, Solana, XRP, and Tron-based USDT. The malware swaps the recipient address from the legitimate one to the attacker-controlled address at the moment a user sends funds.

The campaign was discovered by ReversingLabs researchers during their analysis of suspicious npm packages. The researchers noted many telltale signs of malicious behavior, including suspicious URL connections and code patterns similar to previously discovered malicious packages. They mentioned that a number of campaigns have attempted to use the malicious code this week, and they believe the attackers use this technique to maintain persistence and evade detection.

“Most recently, a campaign launched on April 1 published a package, pdf-to-office, to the npm package manager that posed as a library for converting PDF format files to Microsoft Office documents. When executed, the package injected malicious code into legitimate, locally-installed crypto wallet software Atomic Wallet and Exodus, overwriting existing, non-malicious files in the process,” ReversingLabs said.

Infection mechanism and code injection

According to the technical examination, the attack is multi-stage and begins when a user installs the package. It then proceeds through wallet identification, file extraction, malicious code injection, and finally transaction hijacking. The attackers also use obfuscation techniques to hide their intent, making the code hard for traditional tools to detect, so that by the time a user notices, it is often too late.

After installation, the infection begins when the malicious package executes its payload against installed wallet software. The code identifies the location of the wallet's application files and targets the ASAR package format used by Electron-based applications. It specifically searches for files in paths such as "AppData/Local/Programs/atomic/resources/app.asar". Once the archive is located, the malware extracts it, injects its malicious code, and then rebuilds the archive.

The injection targets JavaScript files inside the wallet software, especially vendor files such as "vendors.64b69c3b00e2a7914733.js". The malware modifies the transaction handling code to replace the real wallet addresses with the attacker's, which are stored in base64 encoding. For example, when a user tries to send Ethereum, the code replaces the recipient address with the attacker's address decoded from its base64 form.

After the infection is complete, the malware communicates with a command-and-control server, sending installation status information including the user's home directory path. This allows the attacker to track successful infections and potentially gather information about the compromised systems. According to ReversingLabs, the malware has also shown evidence of persistence, with the Web3 wallet on affected systems remaining infected even after the package has been removed.
