Experts have found a malicious npm package with stealthy features that injects malicious code into desktop apps for crypto wallets such as Exodus and Atomic.
About the package
Named “nodejs-smtp,” the package imitates the genuine email library nodemailer, copying its README description, page styling, and tagline. It has drawn around 347 downloads since it was uploaded to the npm registry earlier this year by a user named “nikotimon.”
The package is no longer available. Socket expert Kirill Boychenko said, “On import, the package uses Electron tooling to unpack Atomic Wallet’s app.asar, replace a vendor bundle with a malicious payload, repackage the application, and remove traces by deleting its working directory.”
The aim is to overwrite the recipient address with hard-coded wallets controlled by a cybercriminal. The package still works as an SMTP-based mailer, which helps it escape developers’ attention.
This comes after ReversingLabs found an npm package called “pdf-to-office” that achieved the same result by unpacking the “app.asar” archives linked to the Exodus and Atomic wallets and changing a JavaScript file inside them to add the clipper function.
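The behaviour described above, a dependency that unpacks, modifies and repackages a wallet's app.asar when it is imported, can be hunted for in a dependency tree. The following JavaScript is an added example, not code from Socket, ReversingLabs or the original article; the indicator patterns, weights, sample strings and the findInstall helper are assumptions made for illustration.

```javascript
// Added example. Indicator patterns and weights are illustrative assumptions.
const INDICATORS = [
  { id: 'asar-archive', weight: 3, re: /app\.asar/i },
  { id: 'asar-tooling', weight: 2, re: /\b(extractAll|createPackage)\s*\(/ },
  { id: 'wallet-name', weight: 2, re: /\b(atomic|exodus)\b/i },
  { id: 'recursive-delete', weight: 1, re: /\b(rm|rmSync)\s*\([^)]*recursive/ },
];

// Score one source file. A file is suspicious only when it touches app.asar
// AND shows at least one more indicator, so "atomic write" alone does not fire.
function scanSource(path, source) {
  const hits = INDICATORS.filter((i) => i.re.test(source));
  const score = hits.reduce((sum, i) => sum + i.weight, 0);
  const touchesAsar = hits.some((i) => i.id === 'asar-archive');
  return { path, score, hits: hits.map((i) => i.id),
           suspicious: touchesAsar && hits.length >= 2 };
}

// Walk a dependency tree (e.g. ./node_modules) and return suspicious files.
async function scanTree(root) {
  const fs = await import('node:fs/promises');
  const { join } = await import('node:path');
  const findings = [];
  const stack = [root];
  while (stack.length) {
    const dir = stack.pop();
    for (const ent of await fs.readdir(dir, { withFileTypes: true })) {
      const full = join(dir, ent.name);
      if (ent.isDirectory()) stack.push(full); // symlinks are not followed
      else if (/\.[cm]?js$/.test(ent.name)) {
        const result = scanSource(full, await fs.readFile(full, 'utf8'));
        if (result.suspicious) findings.push(result);
      }
    }
  }
  return findings.sort((a, b) => b.score - a.score);
}

// Constructed samples, not code from the real package.
const SAMPLE_TAMPERER = `
const asar = require('@electron/asar');
const archive = join(findInstall('atomic'), 'resources', 'app.asar'); // findInstall is hypothetical
asar.extractAll(archive, work);
await asar.createPackage(work, archive);
fs.rmSync(work, { recursive: true, force: true });
`;
const SAMPLE_MAILER = `
function queue(msg) { /* atomic write of the spool file */ return spool.push(msg); }
`;
```

Legitimate Electron build tooling also references app.asar and will show up in the results; a hit inside a mailer or document-conversion library is the case worth reviewing. Plain-text matching does not see through minified or obfuscated code.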
According to Boychenko, “this campaign shows how a routine import on a developer workstation can quietly mod
[…]