Security News > 2024 > October > LottieFiles hit in npm supply chain attack targeting users' crypto

LottieFiles hit in npm supply chain attack targeting users' crypto

2024-10-31 09:02

LottieFiles announced that specific versions of its npm package carry malicious code that prompts users to connect their cryptocurrency wallets so they can be emptied. [...]

News URL

https://www.bleepingcomputer.com/news/security/lottiefiles-hit-in-npm-supply-chain-attack-targeting-users-crypto/

#attack #crypto #NPM #supplychain

Related news

North Korea targets crypto developers via NPM supply chain attack (source)
It's only a matter of time before LLMs jump start supply-chain attacks (source)
New Web3 attack exploits transaction simulations to steal crypto (source)
PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack (source)
IPany VPN breached in supply-chain attack to push custom malware (source)
Supply chain attack hits Chrome extensions, could expose millions (source)
Abandoned AWS S3 buckets can be reused in supply-chain attacks that would make SolarWinds look 'insignificant' (source)
Bybit Confirms Record-Breaking $1.46 Billion Crypto Heist in Sophisticated Cold Wallet Attack (source)

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.