Malicious npm packages target developers’ Ethereum wallets with an SSH backdoor

By Admin | October 22, 2024


October 22, 2024Ravi LakshmananVulnerability / supply chain


Cybersecurity researchers have discovered a number of suspicious packages published in the npm registry that are designed to harvest Ethereum private keys and gain remote machine access via the Secure Shell (SSH) protocol.

The packages attempt to “gain SSH access to the victim’s machine by writing the attacker’s SSH public key to the root user’s authorized_keys file,” software security company Phylum said in an analysis published last week.

The packages, which impersonate the legitimate ethers package and were identified as part of the campaign, are listed as follows –

Some of these packages, most of which were published by the accounts “crstianokavic” and “timyorks”, are believed to have been released for testing purposes, as most of them make minimal changes. The last and most comprehensive package on the list is ethers-mew.
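A dependency-review check for this kind of impersonation, as an added example that is not from the article or from Phylum: it walks an npm lockfile and reports package names that are built on, or one edit away from, `ethers`. The approved-name set, the lockfile contents and the `etherz` name are constructed for illustration; `ethers-mew` is the package named in the article.

```javascript
// Added example: flag lockfile entries whose names imitate "ethers".
// Assumption: APPROVED_NAMES is your own reviewed allowlist.
const APPROVED_NAMES = new Set(["ethers"]);

// Levenshtein edit distance using a single rolling row.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let prev = row[0]; // value of d[i-1][j-1]
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(row[j] + 1, row[j - 1] + 1, prev + cost);
      prev = tmp;
    }
  }
  return row[b.length];
}

// Return unapproved names in an npm v2/v3 lockfile that resemble `target`.
function findLookalikes(lock, target = "ethers") {
  const marker = "node_modules/";
  const hits = [];
  for (const path of Object.keys(lock.packages || {})) {
    const idx = path.lastIndexOf(marker);
    if (idx < 0) continue; // root project or workspace entry
    const name = path.slice(idx + marker.length);
    if (APPROVED_NAMES.has(name)) continue;
    // Compare on the unscoped part so "@scope/ethers" is also reviewed.
    const bare = name.startsWith("@") ? name.split("/")[1] || "" : name;
    if (bare.startsWith(target + "-") || editDistance(bare, target) <= 1) {
      hits.push(name);
    }
  }
  return hits;
}

// Constructed sample lockfile (versions are placeholders).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/ethers": { version: "0.0.0" },
    "node_modules/ethers-mew": { version: "0.0.0" },
    "node_modules/etherz": { version: "0.0.0" },
    "node_modules/express": { version: "0.0.0" },
  },
};
console.log(findLookalikes(SAMPLE_LOCK));
```

A hit is a prompt for manual review rather than a verdict, since legitimate packages can also carry an `ethers-` prefix.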


This is not the first time that fake packages with similar functionality have been discovered in the npm registry. In August 2023, Phylum detailed a package called ethereum-cryptography, a typosquat of a popular cryptocurrency library that sent users’ private keys to a server in China by introducing a malicious dependency.


The latest attack campaign takes a slightly different approach by embedding malicious code directly into the packages, allowing threat actors to transfer Ethereum private keys to an “ether-sign(.)com” domain they control.

What makes this attack much more insidious is the fact that it requires the developer to actually use the package in their code – for example, creating a new instance of Wallet using the imported package – as opposed to the commonly observed cases where simply installing the package is enough to trigger execution of the malware.

Additionally, the ethers-mew package has the ability to modify the “/root/.ssh/authorized_keys” file to add an SSH key belonging to the attacker and grant them permanent remote access to the compromised host.
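One way to detect the persistence step described above, as an added example that is not from the article or from Phylum: parse `authorized_keys` content, compute each key's OpenSSH-style SHA-256 fingerprint and report any entry that is not on an approved list. The key blobs, comments and approved set are constructed placeholders, and the regular expression assumes option values do not themselves contain a key-type/blob pair.

```javascript
// Added example: audit authorized_keys content against approved fingerprints.
const { createHash } = require("node:crypto");

// OpenSSH-style fingerprint: SHA-256 of the decoded key blob, unpadded base64.
function fingerprint(blobB64) {
  const raw = Buffer.from(blobB64, "base64");
  const b64 = createHash("sha256").update(raw).digest("base64");
  return "SHA256:" + b64.replace(/=+$/, "");
}

// Key type, blob and optional comment; a leading options field is skipped.
// Assumption: option values do not themselves contain a "<type> <blob>" pair.
const KEY_RE =
  /(?:^|\s)((?:sk-)?(?:ssh|ecdsa)-[a-z0-9@.-]+)\s+([A-Za-z0-9+/]+=*)(?:\s+(.*))?$/;

// Return every entry that is unparseable or whose fingerprint is not approved.
function auditAuthorizedKeys(text, approved) {
  const findings = [];
  text.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.trim();
    if (!line || line.startsWith("#")) return;
    const m = KEY_RE.exec(line);
    if (!m) {
      findings.push({ line: i + 1, type: null, fingerprint: null, comment: line });
      return;
    }
    const fp = fingerprint(m[2]);
    if (!approved.has(fp)) {
      findings.push({ line: i + 1, type: m[1], fingerprint: fp, comment: m[3] || "" });
    }
  });
  return findings;
}

// Constructed sample: the blobs are placeholders, not real keys.
const OPS_KEY = "AAAAC3NzaC1lZDI1NTE5AAAAIEV4YW1wbGVBcHByb3ZlZEtleQ";
const BACKUP_KEY = "AAAAC3NzaC1lZDI1NTE5AAAAIEV4YW1wbGVCYWNrdXBLZXk";
const SAMPLE = [
  "# managed by configuration management",
  `ssh-ed25519 ${OPS_KEY} ops@bastion`,
  `no-pty,command="/usr/bin/backup" ssh-ed25519 ${BACKUP_KEY} backup@nas`,
  "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCunlistedKeyExample unlisted",
].join("\n");
const APPROVED_FPS = new Set([OPS_KEY, BACKUP_KEY].map(fingerprint));

// In practice, read the text from /root/.ssh/authorized_keys instead of SAMPLE.
console.log(auditAuthorizedKeys(SAMPLE, APPROVED_FPS));
```

On a host where root should never accept key logins, pass an empty approved set so that any entry at all is reported.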

“All of these packages, along with the authors’ accounts, were only active for a very short period of time, apparently removed and deleted by the authors themselves,” Phylum said.
