Malicious npm Packages: When Your PDF Converter Moonlights as a Crypto Thief
Threat actors are sneaking malicious packages like pdf-to-office into npm to stage software supply chain attacks. Masquerading as a PDF converter, the package targets cryptocurrency wallets, swapping outgoing addresses with the attackers’ own. Even if the package is removed, the malware persists, ensuring your crypto funds take a one-way trip to the hacker’s wallet.

Hot Take:
Oh, look! Another episode of “As the Code Turns,” where threat actors disguise their malicious intent as helpful software packages. Who knew a harmless PDF converter could double as a crypto-fund ninja, swapping your wallet address faster than a magician can pull a rabbit out of a hat? Bravo, cybercriminals, your creativity knows no bounds!
Key Points:
- The npm package “pdf-to-office” poses as a PDF-to-Word utility but injects malicious code into cryptocurrency wallets.
- The package is designed to swap out wallet destination addresses to redirect funds to the attacker.
- It specifically targets certain versions of Atomic Wallet and Exodus.
- Even if the malicious package is removed, compromised wallets continue to divert funds unless the wallet software is completely uninstalled and reinstalled.
- Similar tactics were used in malicious Visual Studio Code extensions affecting over a million installations.
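
A defender-side check for the package named above, as an added example that is not from the article or from npm: it walks a parsed `package-lock.json` (both the flat v2/v3 `packages` map and the nested v1 `dependencies` tree) and reports every place a denylisted name appears, including transitive and aliased installs. The sample lockfile, the `doc-tools` package name and all version strings are constructed for illustration.

```javascript
// Added example: flag denylisted package names anywhere in a parsed package-lock.json.
const DENYLIST = new Set(["pdf-to-office"]); // name taken from the article

// Lockfile v2/v3 keys look like "node_modules/a/node_modules/@scope/b" -> "@scope/b".
function nameFromPath(key) {
  const marker = "node_modules/";
  const i = key.lastIndexOf(marker);
  return i === -1 ? null : key.slice(i + marker.length);
}

// Lockfile v1 nests transitive dependencies under "dependencies".
function walkV1(deps, trail, hits) {
  for (const [name, info] of Object.entries(deps || {})) {
    const here = trail.concat(name);
    if (DENYLIST.has(name)) hits.push({ name, version: info.version, via: here.join(" > ") });
    walkV1(info.dependencies, here, hits);
  }
}

function findDenylisted(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [key, info] of Object.entries(lock.packages)) {
      if (key === "") continue; // root project entry, not a dependency
      // "name" is recorded when the install folder differs from the real name (aliases).
      const name = info.name || nameFromPath(key);
      if (name && DENYLIST.has(name)) hits.push({ name, version: info.version, via: key });
    }
  } else {
    walkV1(lock.dependencies, [], hits);
  }
  return hits;
}

// Constructed sample lockfile; "doc-tools" and every version string are made up.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/doc-tools": { version: "2.0.0" },
    "node_modules/doc-tools/node_modules/pdf-to-office": { version: "0.0.0-constructed" },
    "node_modules/@scope/pdf-to-office-helper": { version: "1.0.0" }, // similar name, not a match
  },
};

console.log(JSON.stringify(findDenylisted(sampleLock), null, 2));
```

A hit means more than removing the dependency: per the key points above, wallets that were already modified keep diverting funds until they are completely uninstalled and reinstalled.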