
Russian-Speaking Attackers Target Ethereum Devs with Fake Hardhat npm Packages

| Category | Details |
| --- | --- |
| Threat Actors | _lain (Russian-speaking threat actor) |
| Campaign Overview | Malicious npm packages impersonating the Nomic Foundation’s Hardhat tool to steal sensitive data from developer systems. |
| Target Regions (Or Victims) | Developers using the npm registry, particularly those in Ethereum and blockchain development. |
| Methodology | Exploit trust in open source packages to inject malicious code, harvesting sensitive information such as private keys and mnemonics. |
| Product Targeted | Hardhat (Ethereum development tool), npm ecosystem, Ethereum-based smart contract applications. |
| Malware Reference | Quasar RAT, MisakaNetwork (blockchain-powered botnet). |
| Tools Used | Malicious npm packages, OAST tools (oastify.com, oast.fun), Ethereum smart contracts for C2 address distribution. |
| Vulnerabilities Exploited | Complexity and dependency sprawl in the npm ecosystem, unreviewed packages and dependencies. |
| TTPs | Exploiting open source package trust, using hardcoded keys for data exfiltration, creating complex dependency chains. |
| Attribution | _lain (Russian-speaking threat actor), exploiting npm ecosystem complexities. |
| Recommendations | Verify package authenticity, inspect source code before installation, exercise caution with package names. |
| Source | The Hacker News |

Read full article: https://thehackernews.com/2025/01/russian-speaking-attackers-target.html

The above summary has been generated by an AI language model


Source: The Hacker News

Published on: January 7, 2025
