Malicious npm Packages Target Developers' Ethereum Wallets with SSH Backdoor

2024-10-22 09:33

Cybersecurity researchers have discovered a number of suspicious packages published to the npm registry that are designed to harvest Ethereum private keys and gain remote access to the machine via the secure shell (SSH) protocol. The packages attempt to "gain SSH access to the victim's machine by writing the attacker’s SSH public key in the root user’s authorized_keys file," software supply

News URL

https://thehackernews.com/2024/10/malicious-npm-packages-target.html

#backdoor #developer #ethereum #NPM #SSH #wallets

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Ethereum		9	3	18	12	1	34
SSH		8	2	8	4	2	16

News URL

Related news

Related vendor