Microsoft Discovers New Trojan That Steals Cryptocurrency Wallet Credentials
According to Microsoft, malicious software hidden in npm packages has been found stealing cryptocurrency wallet credentials without users' knowledge.
Key Takeaways:
- Compromised npm packages contained a remote access trojan (RAT) targeting crypto wallet users.
- Attackers used Hugging Face repositories to transfer stolen data.
- The malware can log keystrokes, capture screenshots, and collect other sensitive information.
Microsoft cybersecurity researchers have identified two compromised npm packages containing a remote access trojan designed to target cryptocurrency wallet holders.
Once installed, the malware can operate silently on a victim’s device, collecting a wide range of sensitive information, including keystrokes, screenshots, and other data related to digital asset accounts.
npm is a free JavaScript package registry widely used by developers to build websites and applications. If a user unknowingly installs a malicious package, the embedded malware can run in the background and gather personal information such as passwords, banking details, and cryptocurrency wallet credentials.

What makes this campaign particularly notable is the attackers’ use of Hugging Face, a popular artificial intelligence development platform, to exfiltrate stolen data. By routing data through a trusted AI-related service, the malicious activity appears less suspicious and becomes harder to detect.
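A defender can counter this by baselining who is expected to send data to Hugging Face rather than trusting the domain outright. The following is an added example, not code from Microsoft's report; the log format, host names and allowlist are constructed assumptions. It totals upload traffic to Hugging Face per host and process, and reports anything from hosts with no approved use.

```python
# Added example: flag uploads to Hugging Face from hosts with no approved ML use.
# The log format, host names and allowlist below are constructed for illustration.
from collections import defaultdict

HF_DOMAINS = ("huggingface.co", "hf.co")
UPLOAD_METHODS = {"POST", "PUT"}
APPROVED_HOSTS = {"ml-train-01"}  # assumption: hosts expected to push to Hugging Face
REQUIRED = {"host", "proc", "method", "dest", "bytes_out"}

SAMPLE_LOG = """\
ts=2025-01-01T10:00:00Z host=ml-train-01 proc=python method=POST dest=huggingface.co bytes_out=52428800
ts=2025-01-01T10:02:11Z host=dev-laptop-7 proc=node method=GET dest=registry.npmjs.org bytes_out=412
ts=2025-01-01T10:02:40Z host=dev-laptop-7 proc=node method=POST dest=huggingface.co bytes_out=183224
ts=2025-01-01T10:07:40Z host=dev-laptop-7 proc=node method=PUT dest=cdn-lfs.huggingface.co bytes_out=2097152
ts=2025-01-01T10:09:02Z host=dev-laptop-9 proc=chrome method=GET dest=huggingface.co bytes_out=903
ts=2025-01-01T10:09:30Z host=dev-laptop-9 proc=node method=POST dest=nothuggingface.co bytes_out=5000
"""


def is_hf(dest):
    """Match the domain or a true subdomain, not a look-alike suffix."""
    dest = dest.lower().rstrip(".")
    return any(dest == d or dest.endswith("." + d) for d in HF_DOMAINS)


def parse(line):
    """Split a key=value log line into a dict."""
    return dict(f.split("=", 1) for f in line.split() if "=" in f)


def unexpected_hf_uploads(log_text, approved=APPROVED_HOSTS):
    """Return [((host, proc), bytes_sent)] for unapproved uploads, largest first."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        ev = parse(line)
        if not REQUIRED <= ev.keys() or not ev["bytes_out"].isdigit():
            continue  # skip malformed records instead of failing the whole run
        if ev["method"].upper() not in UPLOAD_METHODS or not is_hf(ev["dest"]):
            continue
        if ev["host"] in approved:
            continue
        totals[(ev["host"], ev["proc"])] += int(ev["bytes_out"])
    return sorted(totals.items(), key=lambda kv: -kv[1])


if __name__ == "__main__":
    for (host, proc), sent in unexpected_hf_uploads(SAMPLE_LOG):
        print(f"review: {host} proc={proc} sent {sent} bytes to Hugging Face")
```
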
Microsoft noted that this is not the first warning it has issued to crypto investors. The company previously reported campaigns in which attackers leveraged fake search results and interactions with AI chatbots to distribute counterfeit PC utilities that secretly installed cryptocurrency mining malware on victims’ graphics processing units (GPUs).

