
Atomic and Exodus crypto wallets targeted in malicious npm campaign

· Published 14/04/2025 17:12 · Modified 14/04/2025 17:17


Essential information

Tags
2025-04-10, 2025-04-14, atomic, atomic wallet, cryptocurrency, exodus, npm, patching, persistence, software supply chain, trojanized code, wallet
Related entities
1 observables, 4 others

Description

A malicious package named pdf-to-office was discovered targeting Atomic and Exodus wallets. The package, posing as a PDF to Office converter, injects malicious code into locally installed Atomic and Exodus wallets. This attack modifies legitimate files to redirect crypto funds to the attacker's wallet. The campaign shows persistence, as removing the malicious package doesn't remove the injected code from the wallets. Multiple versions of both wallets were targeted, with the attackers adapting their code accordingly. This incident highlights the growing scope of software supply chain risks, particularly in the cryptocurrency industry, and emphasizes the need for improved monitoring of both source code repositories and locally deployed applications.

External references