Security researchers are warning that threat actors are using less noticeable techniques to compromise and steal funds from crypto wallets.
Cybersecurity firm ReversingLabs says that cybercriminals are now uploading malicious packages to popular open-source software repositories such as the npm (Node Package Manager).
The objective is to inject malicious code into trusted local libraries without raising suspicion.
According to ReversingLabs, its research team has identified a new malware campaign targeting crypto users that uses what appears to be a legitimate npm package for converting PDF format files into Microsoft Office documents.
When executed, the pdf-to-office npm package will inject malicious code into locally-installed Atomic and Exodus crypto wallets and overwrite their existing, non-malicious files to switch the address for outgoing crypto funds. When a compromised user attempts to send crypto assets to another wallet, the funds will be sent to one controlled by the malicious actors.
ReversingLabs says removing the package will not be enough to terminate the malicious activities.
“The Web3 wallets’ software would remain compromised and continue to channel crypto funds to the attackers’ wallet. The only way to completely remove the malicious trojanized files from the Web3 wallets’ software would be to remove them completely from the computer and re-install them.”
Follow us on X, Facebook and Telegram
Don’t Miss a Beat – Subscribe to get email alerts delivered directly to your inbox
Check Price Action
Surf The Daily Hodl Mix
 
Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any losses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.
Generated Image: Midjourney
