Beware: Sneaky NPM Packages Target PayPal and Crypto Wallets—Guard Your Funds!

Hackers, masquerading as helpful developers, have been publishing malicious NPM packages to fool PayPal and cryptocurrency wallet users. They use PayPal-themed names to trick developers into installing them, only to harvest sensitive information. The moral of the story? Always read the fine print—especially when it’s disguised as a friendly package!

3P
Published: April 14, 2025 10:43 amAdded: April 14, 2025 at 3:56 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Looks like cybercriminals have found a new gig moonlighting as package managers! Who knew npm could stand for ‘No PayPal Money’ and ‘Not My Precious’ wallet? Time to double-check those installations, because “npm i” might just mean “installing a new problem”.

Key Points:

  • Threat actors are publishing malicious NPM packages targeting PayPal and cryptocurrency wallet users.
  • The malicious packages include names such as oauth2-paypal, buttonfactoryserv-paypal, and pdf-to-office.
  • A preinstall hook is used to execute malicious scripts and steal sensitive information.
  • Compromised packages can hijack cryptocurrency transactions, sending funds to attackers’ wallets.
  • Users must completely remove and reinstall compromised wallet applications to secure their funds.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?