Security research firm Zscaler ThreatLabz has identified three malicious npm packages masquerading as Bitcoin-related libraries, which were downloaded over 3,400 times before being removed. The packages, named bitcoin-main-lib, bitcoin-lib-js, and bip40, were used to deploy a remote access trojan (RAT) called NodeCordRAT. The malware can steal Chrome login credentials, API tokens, and MetaMask wallet private keys or seed phrases, and it uses Discord servers for command and control (C2). It activates through installation scripts without the developer's knowledge, highlighting the growing risk within the npm supply chain. Security teams are advised to remain vigilant as these threats continue to rise.
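Because the packages run their payload from installation scripts, a lockfile audit can show where a project is exposed. The following is an added example, not code from Zscaler's report: it checks a parsed package-lock.json (lockfileVersion 2 or 3, whose entries carry npm's hasInstallScript flag) for the three reported names and for any other dependency that runs an install script. The allowlist, the sample lockfile and its versions are constructed for illustration.

```javascript
// Names come from the report above; everything else here is constructed.
const REPORTED_PACKAGES = new Set(["bitcoin-main-lib", "bitcoin-lib-js", "bip40"]);

// Lockfile v2/v3 keys look like "node_modules/a/node_modules/@scope/b".
// The package name is whatever follows the last "node_modules/".
function packageNameFromLockKey(key) {
  const marker = "node_modules/";
  const idx = key.lastIndexOf(marker);
  return idx === -1 ? null : key.slice(idx + marker.length);
}

// lock: parsed package-lock.json (lockfileVersion 2 or 3).
// allowedInstallScripts: hypothetical allowlist of names your team has reviewed.
function auditLockfile(lock, allowedInstallScripts = []) {
  const allowed = new Set(allowedInstallScripts);
  const findings = [];
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    const name = packageNameFromLockKey(key);
    if (name === null) continue; // root project ("") and workspace folders
    if (REPORTED_PACKAGES.has(name)) {
      findings.push({ severity: "critical", name, version: entry.version, path: key,
        reason: "package name reported as malicious" });
    } else if (entry.hasInstallScript === true && !allowed.has(name)) {
      findings.push({ severity: "review", name, version: entry.version, path: key,
        reason: "runs an install script and is not on the allowlist" });
    }
  }
  return findings;
}

// Constructed sample lockfile, not taken from a real project.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-wallet-app", version: "1.0.0" },
    "node_modules/express": { version: "4.18.2" },
    "node_modules/esbuild": { version: "0.19.0", hasInstallScript: true },
    "node_modules/@demo/native-addon": { version: "2.1.0", hasInstallScript: true },
    "node_modules/helper/node_modules/bip40": { version: "0.0.0-sample", hasInstallScript: true },
  },
};

function runSampleAudit() {
  return auditLockfile(SAMPLE_LOCK, ["esbuild"]);
}

console.log(JSON.stringify(runSampleAudit(), null, 2));
```

To audit a real project, pass the result of JSON.parse on its package-lock.json. Name matching only catches the three reported packages, so the install-script review list is the part that generalizes; installing with npm's --ignore-scripts option stops install scripts from running at all.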