Cryptopolitan on MSN

Cybersecurity researchers uncover GhostLoader malware hidden in fake OpenClaw npm package

A malicious npm package disguised as a legitimate AI tool to install the virally popular OpenClaw, but designed to steal system passwords and crypto wallets, has been identified by cybersecurity ...
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...

New PhantomRaven NPM attack wave steals dev data via 88 packages

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.
CSO Online

PhantomRaven returns to npm with 88 bad packages

Researchers at Endor Labs uncovered 88 new packages tied to new waves of the campaign, which uses remote dynamic dependencies to deliver credential-stealing malware.
CSO Online

Compromised npm package silently installs OpenClaw on developer machines

While the AI itself wasn’t weaponized, the technique raises concerns about AI agents with broad system access.
The Hacker News

Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

Malicious npm package '@openclaw-ai/openclawai' downloaded 178 times installs GhostLoader RAT, stealing credentials and crypto wallets.
Hosted on MSN

Hundreds of malware-laden fake npm packages posted online to try and trick developers

Software developers, especially those working with cryptocurrencies, are once again facing a supply chain attack via open source code repositories. Cybersecurity researchers from Phylum have warned a ...
Live Bitcoin News

npm Worm Steals Crypto Keys, Targets 19 Packages

A self-replicating npm worm dubbed SANDWORM_MODE hits 19+ packages, harvesting private keys, BIP39 mnemonics, wallet files and LLM API keys from dev environments.
TheStreet.com

How to stay safe if you’re using MetaMask, Phantom, Trust or any crypto wallet from NPM attack

A new cyberattack has put millions of crypto users on alert after hackers slipped malicious code into NPM, the software registry that powers thousands of apps and websites, including many tied to ...

npmx package browser released as alpha to fix pain of using npmjs

Project initiated by Nuxt lead Daniel Roe attracts wide support thanks to multiple issues with the official interface A new ...

New Malicious npm Package Highlights the Speed at Which Supply Chain Risks Propagate

Tenable Research investigated a malicious package in the npm public registry named “amber-src” that underscores the rapid nature of modern supply chain attacks. The package, which was downloaded ...
InfoWorld

‘Package confusion’ attack against NPM used to trick developers into downloading malware

Application testing company Checkmarx has warned developers to be on the lookout for malicious NPM packages, after discovering a new attack that employs typosquatting to impersonate two popular ...