Malicious npm Packages Target Crypto Devs in New Attack

State-sponsored threat actors are running a persistent software supply chain campaign, tracked as "Contagious Interview", against cryptocurrency and blockchain developers. The lure is a fake job offer on professional networking sites; the "coding assignment" the candidate is asked to complete depends on malicious npm packages, so the payload runs as soon as the developer installs the project's dependencies. At least 338 typosquatted and otherwise malicious packages have been published, accumulating more than 50,000 downloads from unsuspecting victims. On install, the packages deploy the BeaverTail JavaScript stealer and the InvisibleFerret Python backdoor, which harvest credentials and cryptocurrency assets. The operation's persistent, factory-style publishing of fresh packages makes it a significant and evolving threat to the open-source software ecosystem.

Latest mentioned: 10-13
Earliest mentioned: 10-11