Microsoft Flags Two Malicious npm Packages Targeting Crypto Wallets
3 июн. 2026 г.
< 1 мин. на чтение
Coin Edition
для CoinEdition

Поделиться:
- Microsoft flagged two malicious npm packages abusing Hugging Face APIs.
- The packages deployed a RAT to steal keystrokes, screenshots, and wallet data.
- The incident highlights ongoing npm supply chain risks targeting crypto users.
On June 3, 2026, Microsoft Threat Intelligence reported that two compromised npm packages were deploying a remote access trojan (RAT) to steal keystrokes, screenshots, and crypto wallet credentials while abusing Hugging Face repositories (repos) for data exfiltration.
Microsoft Flags Two Malicious npm Packages
Microsoft Threat Intelligence has identified two malicious npm packages, utils-terminal@3.2.1 and logger-active@3.2.1, that were compromised or published with malicious intent. These packages deploy a RAT that can capture keystrokes, take screenshots, and steal cryptocurrency wallet credentials.
The packages abuse Hugging Face…
Read The Full Article Microsoft Flags Two Malicious npm Packages Targeting Crypto Wallets On Coin Edition.
Читать больше



