PANews March 3rd: The GoPlus Chinese community on the X platform warned that North Korean hackers have published a set of 26 malicious packages to the npm registry. Each package includes an installation script (“install.js”) that executes automatically during installation and runs malicious code located in “vendor/scrypt-js/version.js”. The malicious code downloads and executes a remote access Trojan (RAT) via the same malicious URL, enabling keylogging, clipboard theft, browser credential collection, TruffleHog secret scanning of Git repositories, and SSH key theft. The incident is linked to a North Korean hacking group called “Famous Chollima.”
Users and developers are advised to verify the source and security of packages before installation to avoid these 26 malicious packages and prevent privacy leaks or asset loss:
argonist@0.41.0
bcryptance@6.5.2
bee-quarl@2.1.2
bubble-core@6.26.2
corstoken@2.14.7
daytonjs@1.11.20
ether-lint@5.9.4
expressjs-lint@5.3.2
fastify-lint@5.8.0
formmiderable@3.5.7
hapi-lint@19.1.2
iosysredis@5.13.2
jslint-config@10.22.2
jsnwebapptoken@8.40.2
kafkajs-lint@2.21.3
loadash-lint@4.17.24
mqttoken@5.40.2
prism-lint@7.4.2
promanage@6.0.21
sequelization@6.40.2
typoriem@0.4.17
undicy-lint@7.23.1
uuindex@13.1.0
vitetest-lint@4.1.21
windowston@3.19.2
zoddle@4.4.2
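
Added example (not part of the original report): a Node.js check that compares a project's package-lock.json (lockfileVersion 2 or 3) against the list above and also flags any dependency that npm recorded as having an install-time script, the mechanism described in the warning. The sample lockfile, the project name and the function names are constructed for illustration.

```javascript
'use strict';
// Added example: check a package-lock.json (lockfileVersion 2/3) against a blocklist.

// Parse "name@version" lines; lastIndexOf('@') keeps scoped names (@scope/pkg@1.0.0) intact.
function parseBlocklist(text) {
  const ids = new Set();
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line.lastIndexOf('@') > 0) ids.add(line);
  }
  return ids;
}

// Derive the package name from a lockfile path such as
// "node_modules/a/node_modules/b" (nested, i.e. transitive, installs included).
function nameFromPath(path) {
  const marker = 'node_modules/';
  const i = path.lastIndexOf(marker);
  return i === -1 ? path : path.slice(i + marker.length);
}

function auditLockfile(lock, blocklist) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // the root project itself
    const id = `${entry.name || nameFromPath(path)}@${entry.version}`;
    if (blocklist.has(id)) findings.push({ id, path, reason: 'blocklisted' });
    // npm sets hasInstallScript on packages that declare install-time lifecycle scripts
    else if (entry.hasInstallScript) findings.push({ id, path, reason: 'install-script' });
  }
  return findings;
}

// Two entries taken from the list above; paste the full list in real use.
const SAMPLE_BLOCKLIST = parseBlocklist(`
ether-lint@5.9.4
zoddle@4.4.2
`);

// Constructed lockfile excerpt (hypothetical project and versions).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/express': { version: '4.18.2' },
    'node_modules/zoddle': { version: '4.4.2', hasInstallScript: true },
    'node_modules/express/node_modules/ether-lint': { version: '5.9.4' },
    'node_modules/esbuild': { version: '0.19.0', hasInstallScript: true },
  },
};

function runSample() { return auditLockfile(SAMPLE_LOCK, SAMPLE_BLOCKLIST); }
console.log(runSample());
```

Running the check on the lockfile before installing, and installing with `npm ci --ignore-scripts` while findings are reviewed, keeps lifecycle scripts such as the “install.js” hook from executing.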