Malware Report

Title

Dormant npm Package Update Targets Ethereum Private Keys

URL

https://blog.phylum.io/dormant-npm-package-update-targets-ethereum-private-keys/

Report Author

Phylum Research Team

Published At

1693630800000

Updated At

1693630800000

Description

On the afternoon of September 1, 2023 Phylum's automated risk detection platform flagged two new publications of the https://app.phylum.io/package/npm/hardhat-gas-report/1.1.17 package. It turns out these updates included a stealthy clipboard monitor with a persistence mechanism attempting to exfiltrate Ethereum private keys to

Malware Packages (1)

The following malware packages were identified in this report.

Package Type	Name	Attack Strategy	Package Author	Versions	Description
NPM Module	hardhat-gas-report				Beware of npm imposters! 14 fraudulent packages found in the registry, posing as legit tools. They aim to steal your Kubernetes configs and SSH keys.
Package Type	Name	Attack Strategy	Package Author	Versions	Description