Tag: cryptotheft
6 articles

JavaScript packages Risky: Exclusive Crypto-Theft Alert
Eighteen popular JavaScript packages — downloaded billions of times a week — were briefly compromised after a maintainer fell for a phishing email, with code added to steal crypto keys before it was quickly removed. The scare is a wake-up call: tighten maintainer access, adopt signing and provenance, and treat dependencies like critical third-party software.

North Korean hackers: Stunning $2B Crypto Heist — Alarming
Elliptic reveals North Korean-linked hackers have grabbed a record $2B in crypto this year, using smart hacks and clever laundering to dodge sanctions — a wake-up call about how quickly digital assets can be weaponized. Stronger defenses, better on-ramps and international cooperation are urgently needed to stop the next haul.

ConnectWise ScreenConnect Risky Exploit: Stunning AsyncRAT
Imagine your trusted remote-admin tool becoming the very doorway attackers use to steal credentials and siphon crypto—researchers found ConnectWise ScreenConnect sessions abused to run a fleshless, in-memory VBScript loader that dropped AsyncRAT to harvest keys, keystrokes, and wallets. Harden RMM access, monitor session scripts, and assume compromise—because when legitimate tooling is weaponized, detection needs to get smarter fast.

malicious npm package: Risky Crypto-Theft Exclusive Alert
A malicious npm package posing as the popular nodemailer email library slipped into projects with one line of dependency and carried code designed to siphon cryptocurrency—showing how a single careless install can turn a routine dependency into a financial threat. Audit your dependencies, pin versions, and use supply‑chain tools—convenience shouldn’t cost you your wallet.

developer AI assistants Risky: Stunning Supply-Chain Threat
A newly discovered supply‑chain attack on the Nx npm package used AI‑enabled malware to siphon developer secrets and crypto, showing how trusted code helpers can be turned into attack vectors. Treat AI suggestions as untrusted—use package signing, strict dependency pinning, least‑privilege environments, and thorough scans to keep your toolchain safe.

witness intimidation: Stunning Risky Crime, Harsher Time
When the alleged leader of a cross-border crypto theft ring assaulted a witness, jurors added decades to the sentence — a stark reminder that violence to silence witnesses not only invites harsher punishment but also makes tracing and prosecuting digital theft far harder.