Malicious npm packages harvest crypto keys and secrets

Nineteen malicious packages in the npm registry are spreading a worm known as SANDWORM_MODE. These packages steal crypto keys, CI secrets, API tokens and AI API keys. The theft is carried out through MCP injection.

Security researchers have identified 19 malicious npm packages that are actively collecting sensitive information from developers' systems. According to reports, these packages spread a worm called SANDWORM_MODE, which targets crypto keys, continuous integration (CI) secrets, API tokens and AI API keys. The malware uses MCP injection as its primary method to extract and exfiltrate this data. npm, the popular package manager for JavaScript and Node.js, serves as the distribution platform for these threats and can compromise developers who unknowingly install the affected packages. This incident highlights the ongoing risks in open-source software ecosystems, where supply-chain attacks can lead to large-scale data breaches. No specific details on the exact names of the 19 packages or on the total number of affected users were provided in the available information. Developers are advised to review their dependencies and use tools to scan npm packages for vulnerabilities in order to mitigate these risks.

Related articles


Attackers hijack Linux Snap Store apps to steal crypto phrases

Reported by AI

Cybercriminals have compromised trusted Linux applications on the Snap Store by seizing expired domains, allowing them to push malware that steals cryptocurrency recovery phrases. Security experts from SlowMist and Ubuntu contributor Alan Pope highlighted the attack, which targets established publisher accounts to distribute malicious updates impersonating popular wallets. Canonical has removed the affected snaps, but calls for stronger safeguards persist.

Researchers analyzing 10 million web pages have identified 1,748 active API credentials from 14 major providers exposed across nearly 10,000 websites, including those run by banks and healthcare providers. These leaks could enable attackers to access sensitive data or gain control over digital infrastructure. Nurullah Demir of Stanford University described the issue as very significant, affecting even major companies.


Anthropic's official Git MCP server contained worrying security vulnerabilities that could be chained together for severe impacts. The issues were highlighted in a recent TechRadar report. Details emerged on potential risks to the AI company's infrastructure.

Researchers have attributed a failed cyberattack on Poland's electric grid to Russian state hackers, coinciding with the 10th anniversary of a similar assault on Ukraine. The wiper malware aimed to disrupt power distribution but did not succeed in knocking out electricity. Security firm ESET linked the incident to the notorious Sandworm group.


Researchers at LevelBlue have identified a new variant of the SysUpdate malware aimed at Linux systems during a digital forensics and incident response engagement. The malware disguises itself as a legitimate system service and employs advanced encryption for command-and-control communications. By reverse-engineering it, the team created tools to decrypt its traffic more quickly.

A vulnerability in a popular WordPress quiz plugin has impacted over 40,000 sites, allowing potential SQL injection attacks. Security researchers have identified the flaw, urging site owners to check for exposure. The issue was reported on February 4, 2026.


Anthropic's Claude Code command line interface source code has leaked online after a packaging error in a recent release. The incident exposed over 512,000 lines of code from nearly 2,000 TypeScript files. The company described it as human error with no sensitive data involved.

Thursday, 19 March 2026, 22:25

Duet Night Abyss launcher spreads malware on Steam

Wednesday, 18 March 2026, 03:20

Infostealers Disguised as Claude Code, OpenClaw, and Other AI Tools

Thursday, 26 February 2026, 01:40

The Hacker News publishes weekly ThreatsDay bulletin

Tuesday, 17 February 2026, 10:18

OpenClaw AI agents targeted by infostealer malware for first time

Saturday, 14 February 2026, 06:39

SSHStalker botnet uses IRC to target Linux servers

Friday, 13 February 2026, 14:32

Fake Chrome AI extensions targeted over 300,000 users

Wednesday, 11 February 2026, 00:43

Researchers discover SSHStalker botnet infecting Linux servers

Thursday, 5 February 2026, 15:05

Critical flaws discovered in n8n workflow tool

Tuesday, 27 January 2026, 06:48

Zombie domains expose Snap Store to supply chain attacks

Thursday, 22 January 2026, 03:56

Malicious PyPI package impersonates SymPy to deploy XMRig miner
