Crypto Holders Beware! New Malware Drains ETH, SOL, XRP Wallets
Malware operations targeting holders of Ethereum, XRP, and Solana have been identified. The attacks affect users of the Atomic and Exodus desktop wallets and spread through malicious software packages that developers pull into their projects without realizing it. Once installed, the malware locates the wallet software on the machine and patches it so that outgoing cryptocurrency transactions are silently redirected to addresses controlled by the thieves.

The attack begins when a developer installs a malicious npm (Node Package Manager) package such as "pdf-to-office", which appears legitimate but carries hidden code. That code searches the system for installed crypto wallets and modifies their transaction-handling logic, letting criminals steal funds discreetly. The campaign can affect several major cryptocurrencies, including Ethereum, USDT (on Tron), XRP, and Solana. Researchers at ReversingLabs discovered it while analyzing suspicious npm packages, noting its evasion techniques and multi-stage infection process.

The malware swaps the recipient address the user entered for an attacker-controlled one just before the transaction is signed. The attacker addresses are stored base64-encoded in the injected code, so a simple search of the wallet's files for a known bad address finds nothing, and the wallet interface keeps showing the address the user typed; the theft becomes visible only when the user looks up the transaction on a blockchain explorer. The campaign underlines two lessons: cryptocurrency users should confirm the recipient of a sent transaction against the blockchain record rather than trusting the wallet UI alone, and developers should verify the provenance and integrity of every package they install.
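As an added illustration (not the malware's code, nor ReversingLabs' analysis tooling, nor anything from Atomic or Exodus), the following JavaScript models the recipient-swapping technique described above and two checks a wallet user or developer can run against it: comparing the recipient the user confirmed with the recipient in the transaction about to be signed, and scanning a wallet's JavaScript bundle for base64 literals that decode to address-shaped strings. Every address and the "patched bundle" snippet are constructed placeholders; the function names are hypothetical.

```javascript
// Added example, not code from the page's authors, ReversingLabs, the wallets,
// or the malware. It models the recipient-swapping technique the article
// describes and two defensive checks. All addresses and the "patched bundle"
// below are constructed placeholders.

// --- Attacker side (model) ----------------------------------------------------
// Placeholder destinations, one per chain the campaign targeted.
const ATTACKER_ADDRESSES = {
  eth: "0x" + "1".repeat(40),
  tron: "T" + "1".repeat(33),
  xrp: "r" + "1".repeat(33),
  sol: "1".repeat(44),
};

// Hide the addresses the way the article describes: base64 in the injected
// code, so grepping the bundle for a literal address finds nothing.
const encodeAddress = (addr) => Buffer.from(addr, "utf8").toString("base64");
const decodeAddress = (b64) => Buffer.from(b64, "base64").toString("utf8");
const OBFUSCATED = Object.fromEntries(
  Object.entries(ATTACKER_ADDRESSES).map(([chain, a]) => [chain, encodeAddress(a)])
);

// What the injected patch does just before the wallet signs: rewrite `to`,
// leaving amount, chain and everything the UI already displayed untouched.
function swapRecipient(tx) {
  const hidden = OBFUSCATED[tx.chain];
  if (!hidden) return tx; // chain not targeted: pass through unchanged
  return { ...tx, to: decodeAddress(hidden) };
}

// --- Defender side -------------------------------------------------------------
// Check 1: the recipient the user confirmed must be the recipient actually
// signed. Ethereum hex addresses differ only by EIP-55 casing, so compare them
// case-insensitively; base58 addresses (Tron, XRP, Solana) are case-sensitive.
function recipientMatches(confirmedTo, txToSign) {
  const norm = (a) => (txToSign.chain === "eth" ? a.trim().toLowerCase() : a.trim());
  return norm(confirmedTo) === norm(txToSign.to);
}

// Check 2: scan a wallet's JavaScript for base64 literals that decode to an
// address-shaped string. A legitimate wallet has no reason to ship recipient
// addresses this way, so any hit deserves a look. Base58 shapes overlap, so a
// hit may list more than one candidate chain.
const ADDRESS_SHAPES = {
  eth: /^0x[0-9a-fA-F]{40}$/,
  tron: /^T[1-9A-HJ-NP-Za-km-z]{33}$/,
  xrp: /^r[1-9A-HJ-NP-Za-km-z]{24,34}$/,
  sol: /^[1-9A-HJ-NP-Za-km-z]{32,44}$/,
};

function findHiddenAddresses(source) {
  const hits = [];
  const b64Literal = /[A-Za-z0-9+/]{20,}={0,2}/g;
  for (const literal of source.match(b64Literal) || []) {
    const decoded = decodeAddress(literal);
    const chains = Object.entries(ADDRESS_SHAPES)
      .filter(([, shape]) => shape.test(decoded))
      .map(([chain]) => chain);
    if (chains.length) hits.push({ literal, decoded, chains });
  }
  return hits;
}

// Constructed stand-in for a patched wallet bundle (not real wallet code).
const SAMPLE_PATCHED_BUNDLE = [
  'const k = "' + OBFUSCATED.eth + '";',
  "function send(tx) { tx.to = Buffer.from(k, 'base64').toString(); return sign(tx); }",
].join("\n");

// Walk-through: the user confirms a payment, the patch rewrites it, the checks
// catch it.
function demo() {
  const confirmed = { chain: "eth", to: "0x" + "a".repeat(40), amount: "0.5" };
  const signed = swapRecipient(confirmed);
  return {
    uiStillShows: confirmed.to,
    actuallySigned: signed.to,
    recipientCheckPasses: recipientMatches(confirmed.to, signed),
    bundleHits: findHiddenAddresses(SAMPLE_PATCHED_BUNDLE),
  };
}

if (typeof require !== "undefined" && require.main === module) console.log(demo());
```

The first check is what a wallet should do internally and what a user does manually when comparing the explorer record with the address they meant to pay; the second is a cheap triage step for anyone who suspects their wallet install has been tampered with, to be followed by comparing the installed files against a fresh download from the vendor.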