Crypto Holders Beware! New Malware Drains ETH, SOL, XRP Wallets

Source Newsbtc

Malware operations targeting holders of Ethereum, XRP, and Solana cryptocurrencies have been exposed by cybersecurity researchers. The threat attacks Atomic and Exodus wallet owners by using compromised software packages installed by developers unaware of the malware contained in the code.

The malware, upon execution, is able to send cryptocurrency to thief-held addresses with no indication on the wallet owner.

How The Attack Works

Researchers say the attack starts when developers unwittingly include hacked node package manager (NPM) packages in their projects. One such package named “pdf-to-office” appears genuine on the surface but conceals malicious code within.

The package searches computers for installed crypto wallets and then injects code that intercepts transactions. This enables criminals to steal money without the user’s awareness or permission.

Multiple Cryptocurrencies At Risk

Security researchers have concluded that the malware can divert transactions on multiple of the world’s leading cryptocurrencies. They include Ethereum, USDT, XRP and Solana. The attack is what researchers identify as “an escalation in the ongoing targeting of cryptocurrency users through software supply chain attacks.”

Technical Details Reveal Sophisticated Methods

ReversingLabs discovered the campaign by scanning for suspicious NPM packages. Their analysis revealed several warning signs such as suspicious URL associations and code structures matching well-known threats.

The attack employs sophisticated techniques for evasion from security tools and is multi-stage in nature. The infection begins when the malware package executes its code aimed at wallet software on the target’s machine. It specifically looks for application files in some of the predetermined paths before injecting its malicious code.

No Visual User Warning Signs

According to reports, this malware’s effect can be catastrophic since transactions appear absolutely normal on the wallet interface. The code substitutes valid recipient addresses with attacker-controlled addresses through base64 encoding.

For instance, when a user attempts to send ETH, the malware substitutes the recipient address with the attacker’s address, which is concealed in encoded form. Users have no visual clue that anything is wrong until they check the blockchain record afterward and discover their money went to an unexpected address.

The security threat indicates increased harm to cryptocurrency owners who might not be aware their transactions are compromised until funds go missing. The modus operandi of the attack is evidence of how hackers keep coming up with new methods of pilfering digital assets.

Cryptocurrency users should be extremely cautious when verifying all transaction addresses. Developers are also advised to double-check the security of any packages they install on cryptocurrency-related projects.

Featured image from Enterprise Networking Planet, chart from TradingView

Disclaimer: For information purposes only. Past performance is not indicative of future results.
placeholder
Gold is on track for 2% weekly lossGold lost more ground on Friday, putting the precious metal on course for its sharpest weekly slide in almost two months.
Author  Cryptopolitan
13 hours ago
Gold lost more ground on Friday, putting the precious metal on course for its sharpest weekly slide in almost two months.
placeholder
Bitcoin Profit Taking Explodes: 12x More Gains Than Losses Hitting ExchangesOn-chain data shows the ratio between the Bitcoin profit and loss being sent to exchanges is approaching euphoric bull market levels.
Author  Bitcoinist
13 hours ago
On-chain data shows the ratio between the Bitcoin profit and loss being sent to exchanges is approaching euphoric bull market levels.
placeholder
ADA and AVAX share bearish outlooks after the SEC delays ETFsCardano (ADA) and Avalanche (AVAX) are down 5% to 8% in the last 24 hours, respectively, at press time on Friday, in the aftermath of the US Securities and Exchange Commission (SEC) delaying the decission over the Cardano and Avalanche Exchange Traded Funds (ETFs) filings on Wednesday.
Author  FXStreet
14 hours ago
Cardano (ADA) and Avalanche (AVAX) are down 5% to 8% in the last 24 hours, respectively, at press time on Friday, in the aftermath of the US Securities and Exchange Commission (SEC) delaying the decission over the Cardano and Avalanche Exchange Traded Funds (ETFs) filings on Wednesday.
placeholder
Tariff Uncertainty Rises Again, Stocks SlideAsian stocks were mostly lower on Friday as global tariffs faced uncertainty again.
Author  Insights
14 hours ago
Asian stocks were mostly lower on Friday as global tariffs faced uncertainty again.
placeholder
Pound Sterling corrects against US Dollar after US court reinstates Trump tariffsThe Pound Sterling (GBP) drops to near 1.3475 against the US Dollar (USD) in Friday’s European trading session.
Author  FXStreet
14 hours ago
The Pound Sterling (GBP) drops to near 1.3475 against the US Dollar (USD) in Friday’s European trading session.
goTop
quote