NewsBTC

Crypto Holders Beware! New Malware Drains ETH, SOL, XRP Wallets

Cybersecurity researchers have exposed malware operations targeting holders of Ethereum, XRP, and Solana cryptocurrencies. The threat attacks Atomic and Exodus wallet owners through compromised software packages installed by developers who are unaware of the malware contained in the code. The malware can send cryptocurrency to thief-held addresses with no indication to the wallet owner, allowing criminals to steal money without the user's awareness or permission.

The attack starts when developers unwittingly include compromised node package manager (npm) packages in their projects, such as the "pdf-to-office" package, which appears genuine but conceals malicious code. This package searches computers for installed crypto wallets and then injects code that intercepts transactions, enabling the theft of money. The malware can divert transactions on multiple leading cryptocurrencies, including Ethereum, USDT, XRP, and Solana, making it a significant threat to cryptocurrency users.

The attack is an escalation in the ongoing targeting of cryptocurrency users through software supply chain attacks. It is multi-stage in nature and employs sophisticated techniques to evade security tools. The malware's effect can be catastrophic because transactions appear normal in the wallet interface, with no visual warning signs for the user. The code substitutes valid recipient addresses with attacker-controlled addresses using base64 encoding, allowing hackers to steal digital assets without detection.

Cryptocurrency users and developers are advised to be extremely cautious when verifying transaction addresses and to double-check the security of any packages installed in cryptocurrency-related projects to prevent such attacks.