npm Blog Archive: Plot to steal cryptocurrency foiled by the npm security team

Yesterday, the npm, Inc. security team, in collaboration with Komodo, helped protect over $13 million USD in cryptocurrency assets as we found and responded to a malware threat targeting the users of a cryptocurrency wallet called Agama. The attack focused on getting a malicious package into the build chain for Agama and stealing the wallet seeds and other login passphrases used within the application.

The details

The attack was carried out using a pattern that is becoming more and more popular: publishing a "useful" package (electron-native-notify) to npm, waiting until it was in use by the target, and then updating it to include a malicious payload.

The GitHub user sawlysawly published this commit on Mar 8th, which added electron-native-notify ^1.1.5 as a dependency to the EasyDEX-GUI application (which is used as part of the Agama wallet). The next version of electron-native-notify was published 15 days later and was the first version to include a malicious payload. Following that, Agama version v0.3.5 was released on Apr 13.

electron-native-notify publication timeline:

"1.0.0": "2019-03-06T23:54:33.625Z"
"1.0.1": "2019-03-07T03:07:45.585Z"
"1.0.2": "2019-03-07T03:10:00.491Z"

ALTERNATIVES

A collaborative and open-source incident response platform for sharing observables among analysts.

TheHive is a case management platform for security operations teams that facilitates incident response, threat analysis, and team collaboration.

Open-source security automation platform for automating security alerts and building AI-assisted workflows.

Templates for incident response run-books tailored for AWS environments based on NIST guidelines.

A mature SIEM environment is critical for successful SOAR implementation.

AIL Framework is a modular system for analyzing and detecting information leaks from unstructured data sources, with capabilities for data extraction, correlation, and integration with threat intelligence platforms.

A PHP based web application for managing postmortems with pluggable features.

An AI-powered security operations platform that automates alert investigation, triage, and response workflows for SOC analysts.