822K Downloads at Risk: Malicious node-ipc Versions Spotted Stealing AWS and Private Keys
The post 822K Downloads at Risk: Malicious node-ipc Versions Spotted Stealing AWS and Private Keys appeared on BitcoinEthereumNews.com.

Key Takeaways

SlowMist flagged three malicious node-ipc versions on May 14, targeting over 822,000 weekly npm downloads.
The 80KB payload steals 90+ credential categories, including AWS keys and .env files, via DNS tunneling.
Developers must immediately pin to clean node-ipc versions and rotate all potentially exposed secrets.

Developer Secrets at Stake

Blockchain security firm SlowMist flagged the attack via its MistEye threat intelligence system, identifying three rogue releases: versions 9.1.6, 9.2.3, and 12.0.1. The node-ipc package, used to enable inter-process communication (IPC) in Node.js environments, is embedded across decentralized application (dApp) build pipelines, CI/CD systems, and developer tooling throughout the crypto ecosystem. The package averages ov
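
A lockfile check for the three releases named above, covering both the nested lockfileVersion 1 layout and the flat lockfileVersion 2/3 layout. This is an added example, not code from the article or from SlowMist; the function names and the sample lockfiles are constructed for illustration.

```javascript
// Added example: flag the node-ipc releases named in this article inside a
// parsed package-lock.json. Helper names and sample data are constructed.
const BAD_VERSIONS = new Set(["9.1.6", "9.2.3", "12.0.1"]); // from the article
const TARGET = "node-ipc";

// lockfileVersion 2/3: flat "packages" map keyed by install path.
function scanPackages(packages, hits) {
  for (const [path, entry] of Object.entries(packages || {})) {
    // Aliased installs carry the real name in entry.name; else use the path tail.
    const name = entry.name || path.split("node_modules/").pop();
    if (name === TARGET && BAD_VERSIONS.has(entry.version)) {
      hits.push({ path, version: entry.version });
    }
  }
}

// lockfileVersion 1: nested "dependencies" tree, walked recursively so that
// transitive copies pulled in by build tooling are found as well.
function scanDependencies(deps, prefix, hits) {
  for (const [name, entry] of Object.entries(deps || {})) {
    const path = `${prefix}node_modules/${name}`;
    if (name === TARGET && BAD_VERSIONS.has(entry.version)) {
      hits.push({ path, version: entry.version });
    }
    scanDependencies(entry.dependencies, `${path}/`, hits);
  }
}

// Returns every install location that resolves to a flagged version.
function findFlaggedNodeIpc(lock) {
  const hits = [];
  if (lock.packages) scanPackages(lock.packages, hits);
  else scanDependencies(lock.dependencies, "", hits);
  return hits;
}

// Constructed sample lockfiles (not taken from any real project).
// 9.2.2 is used only as a version that is not on the article's list.
const sampleV3 = { lockfileVersion: 3, packages: {
  "": { name: "demo-dapp", version: "1.0.0" },
  "node_modules/node-ipc": { version: "9.2.2" },
  "node_modules/build-tool/node_modules/node-ipc": { version: "12.0.1" },
} };
const sampleV1 = { lockfileVersion: 1, dependencies: {
  "build-tool": { version: "2.0.0",
    dependencies: { "node-ipc": { version: "9.1.6" } } },
} };

console.log(findFlaggedNodeIpc(sampleV3), findFlaggedNodeIpc(sampleV1));
```

Pass it the result of JSON.parse on a project's package-lock.json; any hit means that install should be pinned away from the flagged release and the secrets reachable from that machine or pipeline rotated, as the takeaways advise.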