The post Threat actors are injecting malicious codes into legitimate crypto projects appeared on BitcoinEthereumNews.com.

Malicious actors are now injecting malicious codes into legitimate projects to steal digital assets from unsuspecting users. According to reports, cybersecurity researchers have uncovered a sophisticated malware campaign that is targeting crypto users through compromised npm packages. According to the report, the attack specifically targets users of the Atomic and Exodus wallets, with the attacker hijacking transactions by injecting malicious codes that redirect funds to the attacker’s wallet. The latest campaign is in line with the ongoing chain of attacks against crypto users through software supply chain attacks. The origin of the attack is usually from the developers, with most of them unknowingly installing the compromised npm packages in their projects. One such package identified in this campaign is “pdf-to-office,” which appears normally and looks legitimate but contains hidden malicious codes. After it is installed, the package scans the user’s device for installed crypto wallets and injects the malicious code that is capable of intercepting and redirecting transactions without the user’s knowledge. Cybersecurity researchers flag malicious codes targeting crypto wallets The impact of this attack is very dire for victims, with the malicious codes capable of silently redirecting crypto transactions to the wallets controlled by the attacker. These attacks work across several digital assets, including Ethereum, Solana, XRP, and Tron-based USDT. The malware effectively carries out this attack, switching the wallet addresses from the legitimate one to the attacker-controlled address at the moment that a user wants to send funds. The malicious campaign was discovered by ReversingLabs researchers through their analysis of suspicious npm packages. The researchers mentioned that there are so many tell signs of malicious behaviors including the suspicious URL connections and code patterns similar to previously discovered malicious packages. They mentioned that there have been a number of campaigns that have attempted to use the malicious code…

---

Filed under: News - @ April 13, 2025 1:28 pm