Crypto Wallets Under Attack: New Malware Targets Ethereum, XRP, and Solana
Cybersecurity experts have uncovered a new malware campaign targeting Ethereum, XRP, and Solana wallets. The attack primarily affects Atomic and Exodus wallet users via compromised npm packages.
Developers unknowingly install these trojanized packages, which seem legitimate but contain hidden malicious code. One such package is “pdf-to-office.” Once installed, it scans for cryptocurrency wallets and injects code that intercepts transactions.
Researchers warn this is an escalation in targeting crypto users through software supply chain attacks. The malware can redirect transactions across multiple cryptocurrencies, including Ethereum, Tron-based USDT, XRP, and Solana.
ReversingLabs identified the campaign by analyzing suspicious npm packages. They detected malicious behavior, including suspicious URL connections and code patterns matching known threats.
The infection process starts when the malicious package executes its payload, targeting wallet software. It searches for application files in specific paths, extracts the application archive, and injects malicious code. This code replaces legitimate wallet addresses with attacker-controlled ones using base64 encoding.
Users are unaware their transactions are compromised until they verify the blockchain. The impact can be severe, as funds are sent to unexpected addresses without any visual indication in the wallet interface.
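A defensive check for the address-swap technique described above, added here as an example (it is not code from ReversingLabs or from the campaign): it scans JavaScript source, such as files from an extracted wallet application archive, for base64 string literals that decode to address-shaped strings. The address regexes are format approximations, the file name is hypothetical, and the sample bundle uses constructed placeholder addresses.

```javascript
// Address shapes for the chains named in the article (format only, no checksum validation).
const ADDRESS_PATTERNS = [
  ["ethereum", /^0x[0-9a-fA-F]{40}$/],
  ["tron", /^T[1-9A-HJ-NP-Za-km-z]{33}$/],
  ["xrp", /^r[1-9A-HJ-NP-Za-km-z]{24,34}$/],
  ["solana", /^[1-9A-HJ-NP-Za-km-z]{43,44}$/],
];

// Quoted string literals that look like base64 and are long enough to hold an address.
const BASE64_LITERAL = /["'`]([A-Za-z0-9+/]{32,}={0,2})["'`]/g;

function classifyAddress(text) {
  const hit = ADDRESS_PATTERNS.find(([, re]) => re.test(text));
  return hit ? hit[0] : null;
}

// Returns one finding per base64 literal that decodes to an address-shaped string.
function scanSource(file, source) {
  const findings = [];
  for (const m of source.matchAll(BASE64_LITERAL)) {
    const buf = Buffer.from(m[1], "base64");
    // Skip strings that are not canonical base64 (ordinary identifiers and the like).
    if (buf.toString("base64") !== m[1]) continue;
    const decoded = buf.toString("utf8").trim();
    const chain = classifyAddress(decoded);
    if (chain) {
      const line = source.slice(0, m.index).split("\n").length;
      findings.push({ file, line, chain, decoded });
    }
  }
  return findings;
}

// Constructed sample input: placeholder addresses, not indicators from the campaign.
const b64 = (s) => Buffer.from(s, "utf8").toString("base64");
const SAMPLE_BUNDLE = [
  "function send(to, amount) {",
  `  to = atob("${b64("0x" + "0".repeat(40))}");`,
  `  const note = "${b64("wallet settings: theme=dark; lang=en")}";`,
  `  const alt = atob('${b64("r" + "A".repeat(33))}');`,
  "  return transfer(to, amount);",
  "}",
].join("\n");

console.log(scanSource("app/main.js", SAMPLE_BUNDLE));
```

A finding is a lead for review, not proof of tampering; comparing the installed wallet archive's hash against the vendor's published release remains the stronger check.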
