Currencies38131
Market Cap$ 2.27T+0.19%
24h Spot Volume$ 31.16B-4.41%
DominanceBTC56.38%+0.05%ETH9.50%+0.88%
ETH Gas0.10 Gwei
Cryptorank
/

Microsoft Warns of Crypto-Stealing Malware Hidden in npm Packages


Microsoft Warns of Crypto-Stealing Malware Hidden in npm Packages

Share:

Predictions Markets

See what traders are focused on

View analytics →
Prediction Banner

The attackers reportedly used Hugging Face repositories to exfiltrate stolen information, making the activity harder to detect. The campaign now forms part of the ongoing software supply-chain risks for developers and crypto users, particularly those storing wallet credentials, API keys, and other sensitive assets on development machines.

Microsoft Exposes New Malware Campaign

Microsoft warned that cybercriminals are targeting developers and cryptocurrency users through malicious software hidden inside public npm packages. According to Microsoft Threat Intelligence, two compromised npm packages, identified as utils-terminal@3.2.1 and logger-active@3.2.1, were discovered distributing a remote access trojan (RAT) capable of stealing sensitive information from infected systems.

The malicious packages were reportedly designed to collect a wide range of data, including keystrokes, screenshots, cryptocurrency wallet credentials, and other confidential information. Since npm is one of the most widely used software registries for JavaScript developers, the threat has the potential to impact a large number of users who unknowingly install compromised dependencies while building applications or web services.

Microsoft explained that the attackers used Hugging Face, a popular platform for artificial intelligence and machine learning projects, as part of their data exfiltration process. By routing stolen information through a trusted platform, the malicious activity may appear less suspicious than communications with traditional command-and-control servers, making detection more difficult for security teams.

The threat is particularly concerning for crypto developers and investors. Developer workstations often contain browser-based crypto wallets, private keys, seed phrase backups, exchange API credentials, GitHub access tokens, and cloud service credentials. If attackers gain access to these assets, they could potentially compromise cryptocurrency holdings, development environments, trading systems, and source code repositories.

Microsoft’s findings also align with a trend of attacks targeting software supply chains. In May, security researchers uncovered the TrapDoor malware campaign, which spread through dozens of malicious packages across npm, PyPI, and Rust repositories. That operation specifically targeted crypto and artificial intelligence developers by attempting to steal wallet data, cloud credentials, API keys, and SSH access.

Blog post from Socket research team

The latest warning also follows another recent report from Microsoft involving cryptojacking malware. In that campaign, attackers allegedly used poisoned search results and manipulated AI chatbot interactions to direct users toward fake software downloads. Once installed, the malicious programs leveraged system resources to mine cryptocurrency without the victims’ knowledge.

Security experts recommend that developers carefully review newly installed packages, remove suspicious dependencies, rotate potentially exposed credentials, and monitor wallet activity for unauthorized transactions. Crypto users are also advised to avoid storing seed phrases on internet-connected devices and to thoroughly verify all wallet transactions before approving them.

Read the article at Coinpaper

In This News

Predictions Markets

See what traders are focused on

View analytics →
Prediction Banner

Share:

In This News

Predictions Markets

See what traders are focused on

View analytics →
Prediction Banner

Share:

Read More

Bithumb guides users on Humanity (H) claim portal after security incident

Bithumb guides users on Humanity (H) claim portal after security incident

BitcoinWorld Bithumb guides users on Humanity (H) claim portal after security incide...
Global INTERPOL Crackdown Exposes Crypto Laundering Behind Romance Scams

Global INTERPOL Crackdown Exposes Crypto Laundering Behind Romance Scams

In Brief Thai police uncovered a $122M crypto wallet laundering romance scam money. ...