Unit 42 experts notified about increasing number of attacks on Oracle WebLogic servers. Criminals exploit…
Experts did not immediately realize that they were dealing with an attack on the supply chain: the malicious library targeted application developers, who eventually incorporated the malicious product into their product.
This application was an Agama wallet, created by the Komodo team, and using EasyDEX-GUI in its work. EasyDEX-GUI, as it turned out, loaded the dangerous electron-native-notify library.
Although the malicious code appeared in electron-native-notify as early as in March 2019, it penetrated Agama only on April 13, 2019, with the release of Agama version 0.3.5. According to npm experts, the code of the intruders functioned as it was intended: it stole seeds and passwords and transmitted this data to a remote server. As a result, the campaign operators had the opportunity to steal Agama users’ funds.
When the problem became known, Komodo developers decided to act and urgently secure their users and their funds.
“The npm, Inc. security team, in collaboration with Komodo, helped protect over $13 million USD in cryptocurrency assets as we found and responded to a malware threat targeting the users of a cryptocurrency wallet called Agama”, — reported developers.
To do this, they exploited the same vulnerability as the attackers, eventually got at their disposal a lot of seed, and then took all money from the blow .
According to the official report, this way about 8,000,000 KMD tokens and 96 BTC were saved from vulnerable wallets. Otherwise, intruders could steal these tools. The funds were transferred to the wallets RSgD2cmm3niFRu2kwwtrEHoHMywJdkbkeF (KMD) and 1GsdquSqABxP2i7ghUjAXdtdujHjVYLgqk (BTC), where, as the developers assure, they are completely safe and controlled by the Kom team.
Here is a brief demonstration of the remote sending.
Users can request return of their tokens through a specially created page. It is also recommended to create new KMD and BTC addresses, to use new seed’s and password phrases.
Source: https://blog.npmjs.org
News-xbuhoxu.store is a domain that tries to force you into subscribing to its browser notifications…
News-xbadeyo.today is a site that tries to force you into clik to its browser notifications…
News-bbutohu.info is a site that tries to trick you into clik to its browser notifications…
News-bbucoxe.today is a domain that tries to force you into clik to its browser notifications…
News-xdetake.cc is a domain that tries to force you into clik to its browser notifications…
News-bbufiya.today is a domain that tries to force you into subscribing to its browser notifications…