Security researchers are warning that threat actors are using less noticeable techniques to compromise and steal funds from crypto wallets.

Cybersecurity firm ReversingLabs says that cybercriminals are now uploading malicious packages to popular open-source software repositories such as the npm (Node Package Manager).

The objective is to inject malicious code into trusted local libraries without raising suspicion. 

According to ReversingLabs, its research team has identified a new malware campaign targeting crypto users that uses what appears to be a legitimate npm package for converting PDF format files into Microsoft Office documents. 

When executed, the pdf-to-office npm package will inject malicious code into locally-installed Atomic and Exodus crypto wallets and overwrite their existing, non-malicious files to switch the address for outgoing crypto funds. When a compromised user attempts to send crypto assets to another wallet, the funds will be sent to one controlled by the malicious actors.

ReversingLabs says removing the package will not be enough to terminate the malicious activities. 

“The Web3 wallets’ software would remain compromised and continue to channel crypto funds to the attackers’ wallet. The only way to completely remove the malicious trojanized files from the Web3 wallets’ software would be to remove them completely from the computer and re-install them.”

Follow us on X, Facebook and Telegram

Don't Miss a Beat – Subscribe to get email alerts delivered directly to your inbox

Check Price Action

Surf The Daily Hodl Mix

Generated Image: Midjourney