Malicious npm Package Alert: Crypto Wallets Under Siege by ‘pdf-to-office’ Malware!

ReversingLabs has uncovered a malicious npm package called “pdf-to-office” targeting Atomic and Exodus crypto wallet users. This sneaky malware silently swaps recipient wallet addresses, hijacking transactions while remaining undetected. Even after removal, the compromised software stays infected, prompting a complete reinstallation to eliminate the threat.

3P
Published: April 10, 2025 8:48 pmAdded: April 10, 2025 at 2:16 pmAssembled by: The Editor
Pro Dashboard

Hot Take:

Oh, the irony! A package named “pdf-to-office” that promises to turn PDFs into Office documents but instead converts your crypto wallet into a generous donation platform for cybercriminals. Who knew document conversion could be so philanthropic?

Key Points:

  • ReversingLabs discovered a malicious npm package, “pdf-to-office,” targeting crypto wallets.
  • The malware patches legitimate wallet software files to hijack transactions.
  • Persistence of the malware remains even after the package is removed.
  • Targets specifically Atomic and Exodus wallets by swapping recipient wallet addresses.
  • Similar to past attacks using npm packages to inject malicious code.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?