No Result
View All Result
SUBMIT YOUR ARTICLES
  • Login
Saturday, July 11, 2026
TheAdviserMagazine.com
  • Home
  • Financial Planning
    • Financial Planning
    • Personal Finance
  • Market Research
    • Business
    • Investing
    • Money
    • Economy
    • Markets
    • Stocks
    • Trading
  • 401k Plans
  • College
  • IRS & Taxes
  • Estate Plans
  • Social Security
  • Medicare
  • Legal
  • Home
  • Financial Planning
    • Financial Planning
    • Personal Finance
  • Market Research
    • Business
    • Investing
    • Money
    • Economy
    • Markets
    • Stocks
    • Trading
  • 401k Plans
  • College
  • IRS & Taxes
  • Estate Plans
  • Social Security
  • Medicare
  • Legal
No Result
View All Result
TheAdviserMagazine.com
No Result
View All Result
Home Market Research Cryptocurrency

NPM Attack Injects Crypto-Stealing Malware Into Core JavaScript Libraries

by TheAdviserMagazine
10 months ago
in Cryptocurrency
Reading Time: 2 mins read
A A
NPM Attack Injects Crypto-Stealing Malware Into Core JavaScript Libraries
Share on FacebookShare on TwitterShare on LInkedIn


Hackers have compromised widely used JavaScript software libraries in what’s being called the largest supply chain attack in history. The injected malware is reportedly designed to steal crypto by swapping wallet addresses and intercepting transactions.

According to several reports on Monday, hackers broke into the node package manager (NPM) account of a well-known developer and secretly added malware to popular JavaScript libraries used by millions of apps.

The malicious code swaps or hijacks crypto wallet addresses, potentially putting many projects at risk.

“There’s a large-scale supply chain attack in progress: the NPM account of a reputable developer has been compromised,” Ledger Chief Technology Officer Charles Guillemet warned on Monday. “The affected packages have already been downloaded over 1 billion times, meaning the entire JavaScript ecosystem may be at risk.”

Source: Minal Thukral

The breach targeted packages such as chalk, strip-ansi and color-convert — small utilities buried deep in the dependency trees of countless projects. Together, these libraries are downloaded more than a billion times each week, meaning even developers who never installed them directly could be exposed.

NPM is like an app store for developers — a central library where they share and download small code packages to build JavaScript projects.

Attackers appear to have planted a crypto-clipper, a type of malware that silently replaces wallet addresses during transactions to divert funds.

Security researchers warned that users relying on software wallets may be especially vulnerable, while those confirming every transaction on a hardware wallet are protected.

Phishing emails gave attackers access to NPM maintainer accounts

Attackers sent emails posing as official NPM support, warning maintainers that their accounts would be locked unless they “updated” two-factor authentication by September 10.

The fake site captured login credentials, giving hackers control over a maintainer’s account. Once inside, the attackers pushed malicious updates to packages with billions of weekly downloads.

Charlie Eriksen, a researcher at Aikido Security, told BleepingComputer the attack was especially dangerous because it operated “at multiple layers: altering content shown on websites, tampering with API calls, and manipulating what users’ apps believe they are signing.”

JavaScript, Hackers
Phishing email sent to JavaScript developers on Monday. Source: Github/Burnett01

This is a developing story, and further information will be added as it becomes available.

Magazine: Inside a 30,000 phone bot farm stealing crypto airdrops from real users



Source link

Tags: attackCoreCryptoStealingInjectsJavaScriptLibrariesMalwareNPM
ShareTweetShare
Previous Post

Signet (SIG) remains well-positioned for its all-important season, here’s why

Next Post

5 Dividend “Rules” That Don’t Hold Up in 2025

Related Posts

edit post
Peckshield: .25 Million Drained From Hedera and Bridged to Ethereum in Suspected Exploit

Peckshield: $5.25 Million Drained From Hedera and Bridged to Ethereum in Suspected Exploit

by TheAdviserMagazine
July 11, 2026
0

Key TakeawaysPeckshield flagged $5.25M bridged from Hedera to Ethereum on July 11 after a suspected mainnet exploit.The attacker holds 2,360...

edit post
Stablecoins May Improve FX Access but Worsen Currency Runs: IMF

Stablecoins May Improve FX Access but Worsen Currency Runs: IMF

by TheAdviserMagazine
July 11, 2026
0

Dollar stablecoins could improve access to foreign currency in economies with fixed or heavily managed exchange rates, but may also...

edit post
Bitcoin Bulls Eye ,000 As Relief Rally Runs Into A Real Resistance Test

Bitcoin Bulls Eye $59,000 As Relief Rally Runs Into A Real Resistance Test

by TheAdviserMagazine
July 10, 2026
0

Trusted Editorial content, reviewed by leading industry experts and seasoned editors. Ad Disclosure Bitcoin Bulls Eye $59,000 as Relief Rally...

edit post
Bitcoin’s  billion credit market keeps growing after its first major selloff

Bitcoin’s $10 billion credit market keeps growing after its first major selloff

by TheAdviserMagazine
July 10, 2026
0

Bitcoin’s more than $10 billion corporate credit market is still attracting new entrants after a June selloff triggered margin calls...

edit post
Circle Bags Approval To Launch First National Crypto Bank, CRCL Stock Shoots 10%

Circle Bags Approval To Launch First National Crypto Bank, CRCL Stock Shoots 10%

by TheAdviserMagazine
July 10, 2026
0

Circle Internet Group, Inc. (NYSE: CRCL), a financial technology firm, announced today that it has received approval from the U.S....

edit post
Circle Becomes “First Stablecoin Issuer” to Win US National Trust Bank Approval

Circle Becomes “First Stablecoin Issuer” to Win US National Trust Bank Approval

by TheAdviserMagazine
July 10, 2026
0

Circle has received final approval from the US Office of the Comptroller of the Currency to establish a national trust...

Next Post
edit post
5 Dividend “Rules” That Don’t Hold Up in 2025

5 Dividend “Rules” That Don’t Hold Up in 2025

edit post
10 Portfolio Rebalancing Mistakes Investors Keep Repeating

10 Portfolio Rebalancing Mistakes Investors Keep Repeating

  • Trending
  • Comments
  • Latest
edit post
Mass Fraud in Massachusetts Committed by Illegal Immigrants Discovered

Mass Fraud in Massachusetts Committed by Illegal Immigrants Discovered

June 22, 2026
edit post
New York Seniors: 6 STAR Tax Relief Rules That Could Put a Bigger Check in Your Mailbox

New York Seniors: 6 STAR Tax Relief Rules That Could Put a Bigger Check in Your Mailbox

June 20, 2026
edit post
5 Pennsylvania Rebate Rules Seniors Should Check Before the Property Tax/Rent Deadline

5 Pennsylvania Rebate Rules Seniors Should Check Before the Property Tax/Rent Deadline

June 18, 2026
edit post
Bristlecone pines growing in the White Mountains of California germinated before the Great Pyramid was built, and the oldest one alive today, nicknamed Methuselah, has been quietly adding rings for 4,855 years in soil so poor almost nothing else survives beside it

Bristlecone pines growing in the White Mountains of California germinated before the Great Pyramid was built, and the oldest one alive today, nicknamed Methuselah, has been quietly adding rings for 4,855 years in soil so poor almost nothing else survives beside it

July 8, 2026
edit post
Retail giant exits U.S. fashion after multi-million-dollar scandal

Retail giant exits U.S. fashion after multi-million-dollar scandal

July 1, 2026
edit post
Same Portfolio. Same Retirement. A 10-Mile Move Costs One Couple ,000 A Year

Same Portfolio. Same Retirement. A 10-Mile Move Costs One Couple $10,000 A Year

June 27, 2026
edit post
No escape from inflation: ‘Godzilla’ El Niño, AI boom, tariffs, and fuel crunch to keep prices high

No escape from inflation: ‘Godzilla’ El Niño, AI boom, tariffs, and fuel crunch to keep prices high

0
edit post
Mag 7 and software could boost portfolio in second half: ETF Action

Mag 7 and software could boost portfolio in second half: ETF Action

0
edit post
Ethereum Foundation AI Agent Research Shows Where Smart Contracts May Be Heading Next

Ethereum Foundation AI Agent Research Shows Where Smart Contracts May Be Heading Next

0
edit post
Canada’s Growing Aerospace And Defense Sector

Canada’s Growing Aerospace And Defense Sector

0
edit post
US Air Attacks on Iran Continue – Again

US Air Attacks on Iran Continue – Again

0
edit post
Judges: Flouting court rulings exposes public servants to lawsuits

Judges: Flouting court rulings exposes public servants to lawsuits

0
edit post
No escape from inflation: ‘Godzilla’ El Niño, AI boom, tariffs, and fuel crunch to keep prices high

No escape from inflation: ‘Godzilla’ El Niño, AI boom, tariffs, and fuel crunch to keep prices high

July 11, 2026
edit post
Johnson & Johnson Travel Ready First Aid Kit 80-Piece only .35 shipped (Reg. +)

Johnson & Johnson Travel Ready First Aid Kit 80-Piece only $5.35 shipped (Reg. $14+)

July 11, 2026
edit post
Mag 7 and software could boost portfolio in second half: ETF Action

Mag 7 and software could boost portfolio in second half: ETF Action

July 11, 2026
edit post
Dollar Tree makes key move to keep popular items in stock

Dollar Tree makes key move to keep popular items in stock

July 11, 2026
edit post
Peckshield: .25 Million Drained From Hedera and Bridged to Ethereum in Suspected Exploit

Peckshield: $5.25 Million Drained From Hedera and Bridged to Ethereum in Suspected Exploit

July 11, 2026
edit post
The Sahel is home to roughly 300 million people on the Sahara’s southern edge — a strip of thin soil and scarce rain where a single failed harvest becomes a crisis with no safety net

The Sahel is home to roughly 300 million people on the Sahara’s southern edge — a strip of thin soil and scarce rain where a single failed harvest becomes a crisis with no safety net

July 11, 2026
The Adviser Magazine

The first and only national digital and print magazine that connects individuals, families, and businesses to Fee-Only financial advisers, accountants, attorneys and college guidance counselors.

CATEGORIES

  • 401k Plans
  • Business
  • College
  • Cryptocurrency
  • Economy
  • Estate Plans
  • Financial Planning
  • Investing
  • IRS & Taxes
  • Legal
  • Market Analysis
  • Markets
  • Medicare
  • Money
  • Personal Finance
  • Social Security
  • Startups
  • Stock Market
  • Trading

LATEST UPDATES

  • No escape from inflation: ‘Godzilla’ El Niño, AI boom, tariffs, and fuel crunch to keep prices high
  • Johnson & Johnson Travel Ready First Aid Kit 80-Piece only $5.35 shipped (Reg. $14+)
  • Mag 7 and software could boost portfolio in second half: ETF Action
  • Our Great Privacy Policy
  • Terms of Use, Legal Notices & Disclosures
  • Contact us
  • About Us

© Copyright 2024 All Rights Reserved
See articles for original source and related links to external sites.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • Home
  • Financial Planning
    • Financial Planning
    • Personal Finance
  • Market Research
    • Business
    • Investing
    • Money
    • Economy
    • Markets
    • Stocks
    • Trading
  • 401k Plans
  • College
  • IRS & Taxes
  • Estate Plans
  • Social Security
  • Medicare
  • Legal

© Copyright 2024 All Rights Reserved
See articles for original source and related links to external sites.