SECURITYTHE HACKER NEWS
Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages
Unknown threat actors compromised the Injective Labs GitHub repository and published a malicious npm package to steal cryptocurrency wallet private keys and mnemonic seed phrases. The compromised package, @injectivelabs/[email protected], included fake telemetry to exfiltrate wallet data.
Mentioned
Related Signal
Adjacent reporting
- Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens
- Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets
- Bitwarden CLI npm package compromised to steal developer credentials
- IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks
- Official SAP npm packages compromised to steal credentials