Malicious NPM Packages Compromise Crypto Devs With Over 2.72M Downloads

Cyfirma Research has identified a sophisticated cryptocurrency-focused software supply chain campaign involving multiple malicious npm packages.

The investigation found that eleven highly suspicious packages, including Moralis-sMdk and ethers-jss, had accumulated more than 2.72 million downloads, significantly increasing the potential impact of the campaign.

The packages employed various techniques such as typosquatting, brand impersonation, npm lifecycle hook abuse, credential harvesting, wallet theft, remote payload delivery, and blockchain-based command-and-control mechanisms to compromise developer environments and facilitate further malicious activity.