Warning: Undefined variable $comments_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 527

Malicious NPM Packages Impersonate Popular Libraries to Steal Credentials, Cryptocurrency

In a recent cybersecurity alert, researchers have uncovered a wave of malicious NPM packages designed to impersonate popular JavaScript libraries. These packages are crafted to deceive developers by mimicking legitimate libraries, but their true intent is to steal sensitive information such as credentials and cryptocurrency wallets. The attack leverages the trust developers place in widely used packages, exploiting the open nature of the NPM ecosystem. The malicious packages employ various techniques including typosquatting and dependency confusion to infiltrate development environments. Once installed, they execute scripts that harvest user data and send it to attacker-controlled servers. This threat highlights the growing risk of supply chain attacks in software development, where attackers target the tools and libraries developers rely on daily. Security experts recommend rigorous package vetting, using verified publishers, and implementing automated scanning tools to detect suspicious packages early. Additionally, developers should monitor their dependencies regularly and apply the principle of least privilege to minimize potential damage. This incident underscores the importance of cybersecurity hygiene in the software supply chain to protect sensitive data and maintain trust in open-source ecosystems.

This Cyber News was published on thehackernews.com. Publication date: Sun, 07 Sep 2025 22:29:04 +0000

Cyber News related to Malicious NPM Packages Impersonate Popular Libraries to Steal Credentials, Cryptocurrency

Malicious NPM Packages Impersonate Popular Libraries to Steal Credentials, Cryptocurrency - In a recent cybersecurity alert, researchers have uncovered a wave of malicious NPM packages designed to impersonate popular JavaScript libraries. These packages are crafted to deceive developers by mimicking legitimate libraries, but their true ...
2 days ago Thehackernews.com

'everything' blocks devs from removing their own npm packages - Since these 3,000+ packages manage to include every single npm package on the npmjs.com registry as their dependency, npm package authors who have ever published to the npm registry would now be unable to remove their packages at will, because of ...
1 year ago Bleepingcomputer.com

How Businesses Can Manage Cryptocurrency Fraud - With cryptocurrency payments on the rise, businesses must learn how to safeguard against potential risks. Businesses across the US are seeking innovative payment methods, with an estimated 75% of retailers looking to embrace cryptocurrency payment ...
1 year ago Cyberdefensemagazine.com

New Research Delves Into the World of Malicious Cryptocurrency Mining - As cryptocurrency prices have soared in recent years, malicious cryptocurrency miners have increasingly targeted vulnerable computer systems with malicious crypto-mining software in search of profits. In a new research paper, security researchers at ...
2 years ago Thehackernews.com

Malicious PyPI packages targeting highly specific MacOS machines - As part of our software package supply chain security efforts, we continuously scan for malware in newly released PyPI and NPM packages. In this post, we describe a particularly interesting cluster of malicious packages that we've identified. In late ...
1 year ago Securitylabs.datadoghq.com

Malicious npm and PyPI Pose as Developer Tools to Steal Login Credentials - The researchers noted that the packages employ various exfiltration methods to transmit stolen credentials to threat actors, with react-native-scrollpageviewtest using Google Analytics as its exfiltration channel, while the PyPI packages leverage ...
4 months ago Cybersecuritynews.com

North Korean Lazarus hackers infect hundreds via npm packages - The packages contain malicious code designed to steal sensitive information, such as cryptocurrency wallets and browser data that contains stored passwords, cookies, and browsing history. The packages, which have been downloaded 330 times, are ...
5 months ago Bleepingcomputer.com

Lazarus Hackers Weaponized 6 npm Packages To Steal Logins - The hackers successfully compromised six popular npm packages, injecting malicious code designed to harvest login credentials from thousands of developers and organizations worldwide. A sophisticated supply chain attack orchestrated by the notorious ...
5 months ago Cybersecuritynews.com Lazarus Group

npm 'accidentally' removes Stylus package, breaks builds and pipelines - Panya (the former maintainer of Stylus) used their own account to release a package containing malicious code (for security research purposes? I am unsure), but did not release a new version of Stylus containing malicious code. BleepingComputer ...
1 month ago Bleepingcomputer.com

PyPI Repository Found Hosting Fake Crypto Wallet Recovery Tools That Steal User Data - A new set of malicious packages has been unearthed in the Python Package Index (PyPI) repository that masqueraded as cryptocurrency wallet recovery and management services, only to siphon sensitive data and facilitate the theft of valuable digital ...
11 months ago Thehackernews.com

5000+ Malicious Packages Found In The Wild To Compromise Windows Systems - These packages, detected from November 2024 onward, employ sophisticated techniques to evade traditional security measures while executing harmful actions that can lead to data theft, unauthorized access, and complete system compromise. Similarly, ...
5 months ago Cybersecuritynews.com

Mandiant's X account hacked by crypto Drainer-as-a-Service gang - The threat actor who took over Mandiant's X social media account used it to share links, redirecting the company's over 123,000 followers to a phishing page to steal cryptocurrency. As Mandiant found during a follow-up investigation into the ...
1 year ago Bleepingcomputer.com

Malicious Python Packages Attacking Popular Cryptocurrency Library To Steal Sensitive Data - These packages, identified as bitcoinlibdbfix and bitcoinlib-dev, masquerade as legitimate fixes for the cryptocurrency library while containing code designed to exfiltrate sensitive database files containing valuable crypto wallet information. The ...
5 months ago Cybersecuritynews.com

Misconfiguration and vulnerabilities biggest risks in cloud security: Report - The two biggest cloud security risks continue to be misconfigurations and vulnerabilities, which are being introduced in greater numbers through software supply chains, according to a report by Sysdig. While zero trust is a top priority, data showed ...
2 years ago Csoonline.com Hunters

3 PYPI Packages Caught Spreading Malware - Recent reports have highlighted the malicious spreading of malware via 3 specific Python Package Index (PyPI) packages. These 3 packages were identified and reported by Sonatype, a software supply chain security firm. ...
2 years ago Securityaffairs.com

Malicious NPM, PyPI Packages Stealing User Information - Check Point and Phylum are warning of recently identified NPM and PyPI packages designed to steal user information and download additional payloads. Taking advantage of the broad use of open source code in application development, malicious actors ...
2 years ago Securityweek.com

Lazarus Adds New Malicious npm Packages with Hexadecimal Encoding - These packages, part of the broader Contagious Interview operation, are designed to evade automated detection systems and manual code audits, marking a significant evolution in the group’s approach to cyber espionage and financial theft. The ...
5 months ago Cybersecuritynews.com Lazarus Group

Malicious NPM Packages Exploit Ethereum Wallets to Steal Crypto Funds - In a recent cybersecurity alert, researchers have uncovered a series of malicious NPM packages designed to exploit vulnerabilities in Ethereum wallets, leading to significant crypto fund thefts. These packages, masquerading as legitimate ...
6 days ago Thehackernews.com

Hackers breach Toptal GitHub account, publish malicious npm packages - In the days that followed, the attackers modified the source code of Picasso on GitHub to include malware and published 10 malicious packages on NPM as Toptal, making them appear as legitimate updates. According to code security ...
1 month ago Bleepingcomputer.com

Malicious PyPI packages abuse Gmail, websockets to hijack systems - Using a 'Client' class, the malware forwards traffic from the remote host to the local system through the tunnel, allowing internal admin panel and API access, file transfer, email exfiltration, shell command execution, credentials harvesting, and ...
4 months ago Bleepingcomputer.com Snatch

North Korean hackers target open-source repositories in new espionage campaign | The Record from Recorded Future News - North Korean state-backed hackers have planted malicious code in open-source software repositories as part of an ongoing campaign that has already put tens of thousands of developers at risk of surveillance and data theft, according to new research. ...
1 month ago Therecord.media

New PyPI Malware Poses as Crypto Wallet Tools to Steal Private Keys - The cybersecurity researchers at Checkmarx uncovered a series of new supply chain attacks that exploited the Python Package Index (PyPI) in September 2024 using malicious packages to target cryptocurrency wallets. These packages identified as ...
11 months ago Hackread.com

116 Malicious PyPI Packages Downloaded Over 10,000 Times - A cluster of malicious Python projects has been identified in PyPI, the official Python PyPI package repository, which targets both Windows and Linux systems and often deploys a custom backdoor. In certain instances, the ultimate payload consists of ...
1 year ago Cybersecuritynews.com

Malicious NPM Package Mimics as Popular Nodemailer - A recent cybersecurity incident has revealed a malicious npm package designed to impersonate the widely-used Nodemailer library, a popular tool for sending emails in Node.js applications. This fake package was uploaded to the npm registry, aiming to ...
1 week ago Cybersecuritynews.com

Threat Actors Hijack Popular npm Packages to Steal The Project Maintainers' npm Tokens - Attackers first harvested maintainer credentials through sophisticated phishing emails, then used these stolen tokens to publish malicious package versions directly to npm repositories without making any corresponding changes to GitHub repositories, ...
1 month ago Cybersecuritynews.com