TrapDoor malware has emerged as a new threat to crypto and AI developers after researchers uncovered a supply chain attack designed to steal wallet data, API keys, cloud credentials, and SSH access through poisoned developer packages. According to a report…
Hackers secretly targeted crypto and AI developers using TrapDoor malware, stealing wallets, credentials, SSH keys, and sensitive company network access data. A sneaky cyberattack is targeting software developers. Specifically, it is aimed at people who work in cryptocurrency and AI. The attack was discovered on Friday by a company called Socket. They then published […]
The post Hackers Secretly Target Crypto Developers With Dangerous TrapDoor Malware appeared first on Live Bitcoin News.
GitHub has confirmed that thousands of its internal repositories were accessed without authorization, prompting fresh warnings from Binance founder Changpeng “CZ” Zhao for crypto developers to immediately rotate API keys stored in code repositories. According to a statement published by…
Mini Shai-Hulud npm campaign compromises @antv packages, targeting blockchain developers’ GitHub tokens, AWS keys, and CI/CD secrets in a coordinated supply chain attack. The malicious publishes started just before 2 a.m. UTC on May 19. By the time most developers on the East Coast had their first coffee, the damage was already done. Socket’s Threat […]
The post npm Supply Chain Attack Hits @antv: Blockchain Dev Secrets Now Exposed appeared first on Live Bitcoin News.
The post Node-ipc supply chain attack targets crypto devs appeared on BitcoinEthereumNews.com.
Three poisoned versions of node-ipc went live on the npm registry on May 14, according to SlowMist. Attackers hijacked a dormant maintainer account and pushed code designed to siphon developer credentials, private keys, exchange API secrets, the works, straight out of .env files. node-ipc is a popular Node.js package that lets different programs talk to each other on the same machine, or sometimes across a network. SlowMist catches the breach: Blockchain security firm SlowMist spotted the breach through its MistEye threat intel system. MistEye found three malicious versions: 9.1.6, 9.2.3, and 12.0.1. All of these versions carried the same obfuscated 80 KB payload. Node-ipc handles inter-process communication in Node.js. It basically helps Node.js programs send messages back and forth. Over 822,000 people download it each we
The post OpenAI says no user data exposed after TanStack npm supply chain attack hit employee devices appeared on BitcoinEthereumNews.com.
OpenAI has admitted that two employee devices were compromised through malicious versions of TanStack npm packages. The company insists that no evidence was found that user data, production systems, or intellectual property were tampered with. Was OpenAI hacked? OpenAI has confirmed that malicious actors breached two of its employee devices as part of a massive software supply chain campaign called “Mini Shai-Hulud.” OpenAI previously deployed controls to limit supply chain attack exposure after an incident with Axios, but the two affected employee devices had not yet received the updated configurations that would have blocked the malicious package download. The attack targeted TanStack, an open-source library used by millions of developers. The attackers published 84 malicious versions across 42 npm packages, including the popular @tanstack/re
The post TanStack, Mistral AI, UiPath targeted in major supply chain attack compromising 170+ packages appeared on BitcoinEthereumNews.com.
A coordinated software supply chain attack compromised over 170 packages across the npm and PyPI registries on May 11, hitting some of the most widely used developer tools in the ecosystem. TanStack, Mistral AI, UiPath, and Guardrails AI were among the primary victims. The attack, dubbed “Mini Shai-Hulud,” was carried out by a group calling itself TeamPCP. Between 373 and 404 malicious package versions were published in a roughly five-hour window, each designed to look indistinguishable from legitimate releases. How the attack worked The attackers exploited vulnerabilities in GitHub Actions workflows, specifically targeting a misconfigured pull_request_target workflow combined with cache poisoning techniques. They also abused OpenID Connect (OIDC) tokens, which are used to authenticate automated publishing pipelines between GitHub and package regis
The attack highlights the critical need for enhanced security measures in software supply chains to protect digital asset infrastructures.
The post TanStack, Mistral AI, UiPath targeted in major supply chain attack compromising 170+ packages appeared first on Crypto Briefing.