Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials
Why it matters: This campaign highlights evolving supply chain attacks targeting developers and enterprises for crypto and data theft.
- ReversingLabs is tracking the "Ghost campaign" which utilizes malicious npm packages for credential and crypto wallet theft.
- Seven npm packages, all from user mikilanjillo, have been identified as part of this campaign.
- The Hacker News reveals that attackers are also employing fake resumes to compromise enterprise credentials and deploy crypto miners, expanding the scope of this malicious activity beyond just npm packages.
A new "Ghost campaign" is leveraging seven malicious npm packages, published by a user named mikilanjillo, to steal cryptocurrency wallets and sensitive credentials. This sophisticated attack also incorporates tactics like using fake resumes to infiltrate enterprises and deploy crypto miners, according to The Hacker News, indicating a multi-pronged approach to data theft and illicit cryptocurrency generation.
