Security News > 2024 > December > Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack
2024-12-20 08:39
The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency mining malware. Following the discovery, versions 1.1.7 of both libraries have been unpublished from the npm registry. The latest
News URL
https://thehackernews.com/2024/12/rspack-npm-packages-compromised-with.html
Related news
- North Korea targets crypto developers via NPM supply chain attack (source)
- Triplestrength hits victims with triple trouble: Ransomware, cloud hijacks, crypto-mining (source)
- ⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More (source)
- Crazy Evil Gang Targets Crypto with StealC, AMOS, and Angel Drainer Malware (source)
- Abandoned AWS S3 buckets can be reused in supply-chain attacks that would make SolarWinds look 'insignificant' (source)
- Crypto-stealing iOS, Android malware found on App Store, Google Play (source)
- SparkCat Malware Uses OCR to Extract Crypto Wallet Recovery Phrases from Images (source)
- Week in review: Exploited 7-Zip 0-day flaw, crypto-stealing malware found on App Store, Google Play (source)
- Microsoft spots XCSSET macOS malware variant used for crypto theft (source)
- Bybit Confirms Record-Breaking $1.5 Billion Crypto Heist in Sophisticated Cold Wallet Attack (source)