Skip to main content

Tag: github compromise

1 article

Developer workstation with code on laptop screen and GitHub/npm interface in background.

GitHub Compromise Injects Malicious npm Packages with Wallet-Key-Stealing Code

A malicious actor hijacked a trusted GitHub account and used it to inject wallet-key-stealing code into 18 npm packages, including Injective Labs' SDK, by exploiting the project's pipeline. This sneaky move allowed the attacker to spread the backdoor through a series of seemingly legitimate updates.

Analyst 207