npm Blog Archive: Plot to steal cryptocurrency foiled by the npm security team


Yesterday, npm, Inc. Takes Action Against Malware Threat

The security team at npm, Inc., working together with Komodo, successfully protected over $13 million USD in cryptocurrency assets. This was achieved by identifying and responding to a malware threat that was targeting users of the Agama cryptocurrency wallet.

The attack aimed to infiltrate the build chain for Agama by introducing a malicious package, with the goal of stealing wallet seeds and other login passphrases used within the application.

Detailed Information


The attack was executed using a popular method

The attack used a method that is gaining popularity: publishing a seemingly "useful" package (electron-native-notify) to npm, waiting for it to be adopted by the target, and then updating it to include a malicious payload.

The GitHub user sawlysawly published a new commit

The GitHub user sawlysawly published this commit on March 8th. This commit added electron-native-notify version ^1.1.5 as a dependency to the EasyDEX-GUI application, which is utilized as part of the Agama wallet.

The Next Version of Electron-Native-Notify: Key Updates

The next version of electron-native-notify was released 15 days later and marked the first instance of a malicious payload being included. Following this, Agama version v0.3.5 was launched on April 13.

Electron Native Notify Publication Timeline:

"1.0.0": "2019-03-06T23:54:33.625Z"
"1.0.1": "2019-03-07T03:07:45.585Z"
"1.0.2": "2019-03-07T03:10:00.491Z"
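A defender-side check for the pattern described above, added here as an example and not taken from the npm post or from npm's tooling: given a dependency's declared range, the date it was added, and the registry publication timeline, it reports how old the package was at adoption and which later releases the caret range would accept without review. The function names are hypothetical, the commit's year and time of day are assumed from the timeline, and the 1.1.5 and 1.1.6 entries are constructed stand-ins.

```javascript
// Added example, not npm's tooling. Handles plain x.y.z versions and caret ranges only.
const DAY_MS = 24 * 60 * 60 * 1000;
const parse = (v) => v.split(".").map(Number);

// Numeric comparison of two x.y.z versions: <0, 0 or >0.
function cmp(a, b) {
  const pa = parse(a), pb = parse(b);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// npm caret rule: ^1.2.3 is >=1.2.3 <2.0.0, ^0.2.3 is >=0.2.3 <0.3.0, ^0.0.3 is 0.0.3 only.
function satisfiesCaret(version, range) {
  const base = range.slice(1);
  const [bMajor, bMinor] = parse(base);
  const [vMajor, vMinor] = parse(version);
  if (cmp(version, base) < 0 || vMajor !== bMajor) return false;
  if (bMajor > 0) return true;
  if (bMinor > 0) return vMinor === bMinor;
  return cmp(version, base) === 0;
}

// Report how old the package was when adopted and which later releases the range accepts unreviewed.
function auditDependency({ range, addedOn, time }) {
  const added = Date.parse(addedOn);
  const releases = Object.entries(time).map(([version, ts]) => ({ version, at: Date.parse(ts) }));
  const firstPublish = Math.min(...releases.map((r) => r.at));
  const floating = range.startsWith("^");
  return {
    ageAtAdoptionDays: Math.floor((added - firstPublish) / DAY_MS),
    floating,
    autoAccepted: releases
      .filter((r) => floating && r.at > added && satisfiesCaret(r.version, range))
      .map((r) => r.version),
  };
}

const sample = {
  range: "^1.1.5", // from the page
  addedOn: "2019-03-08T00:00:00.000Z", // "March 8th"; year and time of day assumed
  time: {
    "1.0.0": "2019-03-06T23:54:33.625Z", // from the page's timeline
    "1.0.1": "2019-03-07T03:07:45.585Z", // from the page's timeline
    "1.0.2": "2019-03-07T03:10:00.491Z", // from the page's timeline
    "1.1.5": "2019-03-07T12:00:00.000Z", // constructed timestamp
    "1.1.6": "2019-03-23T00:00:00.000Z", // constructed stand-in for the release 15 days later
  },
};
console.log(auditDependency(sample));
```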