Security News > 2024 > October > LottieFiles hit in npm supply chain attack targeting users' crypto

LottieFiles hit in npm supply chain attack targeting users' crypto

2024-10-31 09:02

LottieFiles announced that specific versions of its npm package carry malicious code that prompts users to connect their cryptocurrency wallets so they can be emptied. [...]

News URL

https://www.bleepingcomputer.com/news/security/lottiefiles-hit-in-npm-supply-chain-attack-targeting-users-crypto/

#attack #crypto #NPM #supplychain

Related news

Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems (source)
LottieFiles hacked in supply chain attack to steal users’ crypto (source)
LottieFiles supply chain attack exposes users to malicious crypto wallet drainer (source)
Australian Police conducted supply chain attack on criminal collaborationware (source)
Israel’s Pager Attacks and Supply Chain Vulnerabilities (source)
Crypto-apocalypse soon? Chinese researchers find a potential quantum attack on classical encryption (source)
Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks (source)
Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining (source)
Lottie Player supply chain compromise: Sites, apps showing crypto scam pop-ups (source)

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.