List of Flash News about malicious npm package
Time | Details |
---|---|
2025-09-09 02:15 | **NPM Supply Chain Attack: Malicious Code in 1B+ Downloads Swaps Crypto Addresses, Traders Urged to Avoid On-Chain Activity** According to @rovercrc, a compromised NPM account injected malicious code into widely used packages with more than 1 billion cumulative downloads, indicating an active software supply chain attack (source: @rovercrc on X, Sep 9, 2025). The malware reportedly swaps crypto addresses to redirect funds and may also target software wallets, creating direct theft risk during transactions (source: @rovercrc on X, Sep 9, 2025). The source advises hardware wallet users to double-check every transaction before signing and recommends non-hardware wallet users avoid on-chain transactions for now (source: @rovercrc on X, Sep 9, 2025). For traders, this advisory signals heightened operational risk for on-chain executions and wallet interactions until the compromised packages are identified and remediated (source: @rovercrc on X, Sep 9, 2025). |