1369 points universesquid | 4 comments
1. bstsb No.45170046
looks like it won't affect you if you just downloaded the packages locally.

the actual code only runs in a browser context - it replaces all crypto addresses in many places with the attacker's.

a list of the attacker's wallet addresses: https://gist.github.com/sindresorhus/2b7466b1ec36376b8742dc7...

replies(3): >>45170503 >>45170581 >>45182734
2. pingou No.45170503
I wonder why they didn't add something more nefarious that can run on developers' machines while they were at it. Would it have been too easy to see? It was caught very quickly anyway.
3. keepamovin No.45170581
that will still affect users of your website that uses these packages, tho.
4. smoovb No.45182734
Etherscan has tagged these addresses already. As of this check, none of the other block explorers have.

Etherscan - yes - https://etherscan.io/address/0x4Cb4c0E7057829c378Eb7A9b174B0...
Mempool.space - no
Blockchair - no
Tronscan - no
Blockcypher.com - no
Blockread.io - no