Supply-chain threat intelligence

Incident detail

criticalnpm·crypto miner·osv

Malicious code in blockchain-helper-0 (npm)

blockchain-helper-0

Risk score

92

AI summary

Indexed incident for blockchain-helper-0 (npm).

Description

Note: This report is updated by a verification record

Crypto/SSH/wallet stealer (self-labeled "CRYPTO STEALER"). postinstall scripts/postinstall.js auto-execs, src/index.js harvests ~/.ssh/id_rsa + wallet keys/seeds + env and exfils to hardcoded Telegram bot 8227918239:AAGEMDrBZluDsBBYPxfSyMuv2l3FY8cZCcs chat 6433587894. Auto-exec + hardcoded attacker Telegram exfil; "blockchain-helper" identity has no reason to read SSH/wallet keys.


-= Per source details. Do not edit below this line.=-

The package was found to contain malicious code or consuming dependency that contains malicious code

Technical details

Affected versions

=1.0.0>=0

Indicators

  • affected version=1.0.075%
  • affected version>=075%

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg

Related incidents