Supply-chain threat intelligence
Risk score
92
Indexed incident for blockchain-helper-0 (npm).
Note: This report is updated by a verification record
Crypto/SSH/wallet stealer (self-labeled "CRYPTO STEALER"). postinstall scripts/postinstall.js auto-execs, src/index.js harvests ~/.ssh/id_rsa + wallet keys/seeds + env and exfils to hardcoded Telegram bot 8227918239:AAGEMDrBZluDsBBYPxfSyMuv2l3FY8cZCcs chat 6433587894. Auto-exec + hardcoded attacker Telegram exfil; "blockchain-helper" identity has no reason to read SSH/wallet keys.
-= Per source details. Do not edit below this line.=-
The package was found to contain malicious code or consuming dependency that contains malicious code
Affected versions
Indicators
Timeline