Three compromised versions of the node-ipc library, crucial for Node.js environments, have been identified, posing a significant threat to crypto developers. Security firm SlowMist reported on May 14 that versions 9.1.6, 9.2.3, and 12.0.1 of node-ipc were maliciously altered to steal over 90 types of credentials, including AWS keys and .env files, affecting over 822,000 weekly npm downloads.
The attack exploits a dormant maintainer account: the attacker re-registered an expired email domain and gained publish access. The malicious payload, embedded in the CommonJS bundle, activates automatically and exfiltrates data via DNS tunneling. Developers are urged to audit their projects for these versions and revert to clean releases to mitigate credential theft risks.
Malicious Node-ipc Versions Compromise 822K Weekly Downloads, Steal AWS Keys
