Tag: github compromise
1 article

GitHub Compromise Injects Malicious npm Packages with Wallet-Key-Stealing Code
A malicious actor hijacked a trusted GitHub account and used it to inject wallet-key-stealing code into 18 npm packages, including Injective Labs' SDK, by exploiting the project's pipeline. This sneaky move allowed the attacker to spread the backdoor through a series of seemingly legitimate updates.