Research Saturday

Hijacking wallets with malicious patches.

Listen Later

This week, we are joined by Lucija Valentić, Software Threat Researcher from ReversingLabs, who is discussing "Atomic and Exodus crypto wallets targeted in malicious npm campaign." Threat actors have launched a malicious npm campaign targeting Atomic and Exodus crypto wallets by distributing a fake package called "pdf-to-office," which secretly patches locally installed wallet software to redirect crypto transfers to attacker-controlled addresses.

ReversingLabs researchers discovered that this package used obfuscated JavaScript to trojanize specific files in targeted wallet versions, enabling persistence even after the malicious package was removed. This incident highlights the growing threat of software supply chain attacks in the cryptocurrency space and underscores the need for vigilant monitoring of both open-source repositories and local applications.

The research can be found here:

  • ⁠⁠Atomic and Exodus crypto wallets targeted in malicious npm campaign

    Learn more about your ad choices. Visit megaphone.fm/adchoices

    ...more
    View all episodesView all episodes
    Download on the App Store
    Research SaturdayBy N2K Networks
    • 4.4
    • 4.4
    • 4.4
    • 4.4
    • 4.4

    4.4

    8 ratings

    More shows like Research Saturday

    View all
    SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

    SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

    638 Listeners

    CyberWire Daily by N2K Networks

    CyberWire Daily

    1,023 Listeners

    Smashing Security by Graham Cluley

    Smashing Security

    322 Listeners

    Click Here by Recorded Future News

    Click Here

    415 Listeners

    Cybersecurity Today by Jim Love

    Cybersecurity Today

    174 Listeners

    Hacking Humans by N2K Networks

    Hacking Humans

    314 Listeners

    CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

    CISO Series Podcast

    189 Listeners

    Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

    Defense in Depth

    73 Listeners

    Caveat by N2K Networks

    Caveat

    94 Listeners

    Career Notes by N2K Networks

    Career Notes

    15 Listeners

    Word Notes by N2K Networks

    Word Notes

    19 Listeners

    Cyber Security Headlines by CISO Series

    Cyber Security Headlines

    134 Listeners

    Hacker And The Fed by Chris Tarbell & Hector Monsegur

    Hacker And The Fed

    169 Listeners

    Passwort - der Podcast von heise security by Dr. Christopher Kunz, Sylvester Tremmel

    Passwort - der Podcast von heise security

    3 Listeners

    The AI Fix by Graham Cluley and Mark Stockley

    The AI Fix

    33 Listeners