Malware Report
Title
Typosquat of popular Ethereum package on npm sends private keys to remote server
Report Author
Phylum Research Team
Published At
1691211600000
Updated At
1691211600000
Description
On Aug 3, 2023 Phylum’s automated risk detection platform alerted us to a series of suspicious publications on npm. The attacker eventually published final versions of two packages: a typosquat of a popular cryptocurrency library and a dependency that contained the malicious code buried deep in a large file
Malware Packages (4)
The following malware packages were identified in this report.
| Package Type | Name | Attack Strategy | Package Author | Versions | Description |
|---|---|---|---|---|---|
| NPM Module | @jackshanyeshuzi/curvess | @jackshanyeshuzi | 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.1.8, 1.1.9 | On Aug 3, 2023 Phylum’s automated risk detection platform alerted us to a series of suspicious publications on npm. The attacker eventually published final versions of two packages: a typosquat of a popular cryptocurrency library and a dependency that contained the malicious code buried deep in a large file | |
| NPM Module | ethereum-cryptograph | @jackshanyeshuzi | 1.0.3 | On Aug 3, 2023 Phylum’s automated risk detection platform alerted us to a series of suspicious publications on npm. The attacker eventually published final versions of two packages: a typosquat of a popular cryptocurrency library and a dependency that contained the malicious code buried deep in a large file | |
| NPM Module | ethereum-cryptographyy | @jackshanyeshuzi | 2.1.2 | On Aug 3, 2023 Phylum’s automated risk detection platform alerted us to a series of suspicious publications on npm. The attacker eventually published final versions of two packages: a typosquat of a popular cryptocurrency library and a dependency that contained the malicious code buried deep in a large file | |
| NPM Module | ethereum-cryptographyyy | @jackshanyeshuzi | 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.9 | On Aug 3, 2023 Phylum’s automated risk detection platform alerted us to a series of suspicious publications on npm. The attacker eventually published final versions of two packages: a typosquat of a popular cryptocurrency library and a dependency that contained the malicious code buried deep in a large file | |
| Package Type | Name | Attack Strategy | Package Author | Versions | Description |