According to new research from cybersecurity company Aikido Security, a significant JavaScript supply chain attack has compromised hundreds of software packages, with at least 10 widely used in the cryptocurrency ecosystem.
In a post on Monday, Aikido Security researcher Charlie Eriksen shared the names of over 400 software packages showing signs of infection from the self-replicating malware "Shai Hulud," which is being used in an ongoing JavaScript NPM library supply chain attack. Eriksen stated that he verified each detection to avoid false positives.
Many cryptocurrency-related packages are downloaded tens of thousands of times each week, and numerous other packages depend on them to function. In a post on X earlier today, Eriksen also warned the Ethereum Name Service (ENS) team that several of their packages were affected.
Shai Hulud is part of a broader trend of supply chain attacks. In early September of this year, in the largest reported NPM attack to date, hackers stole $50 million in cryptocurrency. Amazon Web Services noted that just a week after the initial attack, the Shai-Hulud worm began to spread automatically.
While previous attacks directly targeted cryptocurrencies to steal assets, Shai Hulud is a general-purpose credential-stealing malware capable of automatically spreading within developer infrastructure. If the infected environment contains wallet keys, the malware will steal them as "secrets," just like other credentials.
Among all the affected packages, at least 10 are directly related to the cryptocurrency industry, almost all of which are associated with ENS, a human-readable address naming service. Affected packages include ENS's content-hash, which has nearly 36,000 weekly downloads and is depended on by 91 packages, as well as address-encoder, which has over 37,500 weekly downloads.
Other affected ENS packages include ensjs (over 30,000 weekly downloads), ens-validation (1,750 weekly downloads), ethereum-ens (12,650 weekly downloads), and ens-contracts (nearly 3,100 weekly downloads). A cryptocurrency-related package not associated with ENS, named crypto-addr-codec, was also compromised, with nearly 35,000 downloads.
Affected non-crypto-related packages include some provided by the enterprise automation platform Zapier, one of which has over 40,000 weekly downloads, with others not far behind. Eriksen pointed out other infected packages in subsequent posts, some of which have weekly downloads approaching 70,000, and another package with over 1.5 million weekly downloads.
"The scope of this new Shai Hulud attack is just too large; we are still working through the queue to confirm all cases," Eriksen wrote on X.
Researchers at cybersecurity company Wiz claim to have "discovered over 25,000 affected repositories, involving about 350 unique users, with 1,000 new repositories being continuously added every 30 minutes." The company recommends "immediate investigation and remediation" for any environments using npm.
Related: Coinbase "doubles down" on Solana with latest DEX acquisition
Original article: “New NPM Supply Chain Attack Compromises Major Ethereum (ETH) Domain Name Service (ENS) and Crypto Libraries”
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
