SlowMist has identified a cross-registry supply chain attack targeting developers in the cryptocurrency, DeFi, Solana, Sui/Move, and AI sectors. The attack, detected by SlowMist's MistEye system, involves over 34 malicious packages and more than 384 versions across npm, PyPI, and Crates.io registries. These packages aim to steal sensitive information such as crypto wallets, SSH keys, and cloud credentials.
The attack employs various methods to maintain persistence, including Git hooks and systemd. SlowMist advises developers to remove affected packages, isolate compromised systems, rotate credentials, and rebuild environments from clean images. A thorough review of GitHub, cloud services, and wallet activities is also recommended to mitigate risks.
SlowMist Uncovers Cross-Registry Supply Chain Attack on Crypto and AI Developers
Haftungsausschluss: Die auf Phemex News bereitgestellten Inhalte dienen nur zu Informationszwecken.Wir garantieren nicht die Qualität, Genauigkeit oder Vollständigkeit der Informationen aus Drittquellen.Die Inhalte auf dieser Seite stellen keine Finanz- oder Anlageberatung dar.Wir empfehlen dringend, eigene Recherchen durchzuführen und einen qualifizierten Finanzberater zu konsultieren, bevor Sie Anlageentscheidungen treffen.