Three compromised versions of the node-ipc library, crucial for Node.js environments, have been identified, posing a significant threat to crypto developers. Security firm Slowmist reported on May 14 that versions 9.1.6, 9.2.3, and 12.0.1 of node-ipc were maliciously altered to steal over 90 types of credentials, including AWS keys and .env files, affecting over 822,000 weekly npm downloads.
The attack exploits a dormant maintainer account, allowing the attacker to re-register an expired email domain and gain publish access. The malicious payload, embedded in the CommonJS bundle, activates automatically, exfiltrating data via DNS tunneling. Developers are urged to audit their projects for these versions and revert to clean releases to mitigate credential theft risks.
Malicious Node-ipc Versions Compromise 822K Weekly Downloads, Steal AWS Keys
Aviso legal: El contenido de Phemex News es únicamente informativo.No garantizamos la calidad, precisión ni integridad de la información procedente de artículos de terceros.El contenido de esta página no constituye asesoramiento financiero ni de inversión.Le recomendamos encarecidamente que realice su propia investigación y consulte con un asesor financiero cualificado antes de tomar cualquier decisión de inversión.