
BitcoinSistemi 2025-04-10 20:59:07

New Trojan Alert Affecting Cryptocurrency Users – Don’t Download the File With This Name!

Amid a growing wave of cyberattacks targeting the cryptocurrency community, threat actors have launched a sophisticated software supply chain attack aimed at compromising widely used Web3 wallets, including Atomic Wallet and Exodus. According to researchers at ReversingLabs (RL), the malicious campaign centers on the npm package manager, a popular platform for JavaScript and Node.js developers.

Attackers are distributing a deceptive package called pdf-to-office, which is falsely promoted as a utility for converting PDF files to Microsoft Office formats. Instead, the package carries malicious code designed to hijack local installations of legitimate crypto wallet software. Once executed, the pdf-to-office package silently injects malicious patches into locally installed versions of Atomic Wallet and Exodus. These patches replace the legitimate code with a modified version that allows attackers to intercept and redirect cryptocurrency transactions. In practice, users attempting to send funds would find that their transactions were being redirected to a wallet controlled by the attackers, with no visible signs of tampering.

The attack exploited a subtle and increasingly popular technique: instead of directly hijacking upstream open-source packages, malicious actors now inject malicious code into local environments by patching legitimate software already installed on the victim's system.

The pdf-to-office package first appeared on npm in March 2025 and has had multiple versions released in succession. The latest version, 1.1.2, was released on April 1. RL researchers detected the package using machine learning-driven behavioral analysis on the Spectra Assure platform. The code was found to contain obfuscated JavaScript, a common red flag in recent npm malware campaigns.
Notably, the effects persisted even after the malicious package was deleted. Once the Web3 wallets were patched, simply removing the fake npm package did not eliminate the threat. Victims had to completely uninstall and reinstall their wallet application to remove the trojan components and restore wallet integrity.
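
One way to check whether a project has pulled in the package named above, directly or through another dependency, is to scan its parsed package-lock.json for pdf-to-office. This is an added example, not code from the article or from ReversingLabs; the sample lockfiles and the names demo-app, doc-tools and @acme are constructed for illustration.

```javascript
// Added example: flag a named package anywhere in a parsed package-lock.json.
// Handles lockfile v2/v3 ("packages" map keyed by install path) and
// v1 (nested "dependencies" tree).
const FLAGGED = "pdf-to-office"; // package name reported in the article

function findFlagged(lock, name = FLAGGED) {
  const hits = [];
  // v2/v3: keys look like "node_modules/a/node_modules/pdf-to-office"
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1) continue; // "" is the root project itself
    // Exact match on the final segment, so "@scope/pdf-to-office" is not flagged
    if (path.slice(idx + "node_modules/".length) === name) {
      hits.push({ path, version: meta.version || "unknown" });
    }
  }
  // v1: walk the nested tree, recording the chain that pulled the package in
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const here = [...trail, dep];
      if (dep === name) {
        hits.push({ path: here.join(" > "), version: meta.version || "unknown" });
      }
      walk(meta.dependencies, here);
    }
  };
  // v2 files carry both sections; skip the v1 walk there to avoid duplicates
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfiles (not real project data)
const sampleV3 = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/doc-tools/node_modules/pdf-to-office": { version: "1.1.2" },
    "node_modules/@acme/pdf-to-office": { version: "0.0.1" },
  },
};
const sampleV1 = {
  lockfileVersion: 1,
  dependencies: {
    "doc-tools": { version: "2.0.0", dependencies: { "pdf-to-office": { version: "1.1.2" } } },
  },
};

for (const hit of [...findFlagged(sampleV3), ...findFlagged(sampleV1)]) {
  console.log(`FOUND ${hit.path} @ ${hit.version}`);
}
```

A hit means the wallet applications on that machine should be uninstalled and reinstalled, since deleting the npm package does not undo the patches.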
