Malicious Solana GitHub repo used crypto-themed social engineering and obfuscated NPM packages to steal wallet keys, SlowMist finds. Attackers lured users with a popular trading bot repository, concealed malware in fake dependencies, and exfiltrated private keys to a spoofed server — leading to asset theft across multiple cloned forks.

Malicious Solana GitHub repo used crypto-themed social engineering and obfuscated NPM packages to steal wallet keys, SlowMist finds.

Attackers lured users with a popular trading bot repository, concealed malware in fake dependencies, and exfiltrated private keys to a spoofed server — leading to asset theft across multiple cloned forks.

slowmist.medium •

Revision history

9 recorded changes

Want your article here?

Promote with Leviathan News

More on npm

Axios RAT breach navigates npm seas—swift checks chart secure course ahead

Axios RAT breach navigates npm seas—swift checks chart secure course ahead

𝕏/@VentureBeat ·

Axios npm breach navigates swift waters: key rotation charts secure course ahead

Axios npm breach navigates swift waters: key rotation charts secure course ahead

CoinTelegraph ·

Anthropic's Claude code exposed via map file in public npm registry

Anthropic's Claude code exposed via map file in public npm registry

𝕏/@Fried_rice ·

Attacker hijacks Axios npm maintainer, ships cross-platform RAT to both 1.x and 0.x branches within 39 minutes

Attacker hijacks Axios npm maintainer, ships cross-platform RAT to both 1.x and 0.x branches within 39 minutes

𝕏/@feross ·

Hackers hide malware in GitHub, npm, and VS Code packages using invisible Unicode so supply‑chain attacks bypass human review and common defenses.

Hackers hide malware in GitHub, npm, and VS Code packages using invisible Unicode so supply‑chain attacks bypass human review and common defenses.

Arstechnica ·

Malicious npm package disguised as OpenClaw AI installer deploys full RAT stealing crypto wallets, macOS Keychain, and cloud credentials

Malicious npm package disguised as OpenClaw AI installer deploys full RAT stealing crypto wallets, macOS Keychain, and cloud credentials

The Hacker News ·

Axios RAT breach navigates npm seas—swift checks chart secure course ahead

Axios RAT breach navigates npm seas—swift checks chart secure course ahead

𝕏/@VentureBeat ·

Axios npm breach navigates swift waters: key rotation charts secure course ahead

Axios npm breach navigates swift waters: key rotation charts secure course ahead

CoinTelegraph ·

Anthropic's Claude code exposed via map file in public npm registry

Anthropic's Claude code exposed via map file in public npm registry

𝕏/@Fried_rice ·

Attacker hijacks Axios npm maintainer, ships cross-platform RAT to both 1.x and 0.x branches within 39 minutes

Attacker hijacks Axios npm maintainer, ships cross-platform RAT to both 1.x and 0.x branches within 39 minutes

𝕏/@feross ·

Hackers hide malware in GitHub, npm, and VS Code packages using invisible Unicode so supply‑chain attacks bypass human review and common defenses.

Hackers hide malware in GitHub, npm, and VS Code packages using invisible Unicode so supply‑chain attacks bypass human review and common defenses.

Arstechnica ·

Malicious npm package disguised as OpenClaw AI installer deploys full RAT stealing crypto wallets, macOS Keychain, and cloud credentials

Malicious npm package disguised as OpenClaw AI installer deploys full RAT stealing crypto wallets, macOS Keychain, and cloud credentials

The Hacker News ·

Explore the full feed

Up nextChaos Labs Walks Away From $5M Aave Risk Mandate Over V4 Architecture, Underfunded Risk Budget, And Fundamental Disagreement On How Risk Should Be Managed At DeFi’s Largest Lending Protocol.