Subj : Are they brave or stupid?
To   : All
From : Mike Powell
Date : Mon Aug 18 2025 07:13 pm

Are they brave or stupid? Malware targeting Russian crypto hackers found

Date:
Mon, 18 Aug 2025 17:27:00 +0000

Description:
Researchers found malware hiding in npm packages downloaded by Russian crypto
developers.

FULL STORY

Two malicious packages were recently discovered on the npm package manager
platform targeting software developers on the Solana ecosystem.

However the discovery, attribution, and potential targets of the malware have
made researchers speculate if this was a state-sponsored attack.

Solana is a blockchain designed for decentralized applications and
cryptocurrencies. It is similar to Ethereum in many aspects, which is why it
is often described in the crypto community as the Ethereum killer.

Targeting devs? Or hackers? Or both?

Recently, security researchers from Safety found two npm packages:
solana-pump-test and solana-spl-sdk.

Both were submitted by the same author, and both contained identical code -
and according to Safety, when these packages were installed, they ran scripts
that exfiltrated sensitive information from compromised devices, including
private keys that granted the attackers access to crypto funds.

Safety says that the victims - the developers that downloaded and ran the
infostealers - were located in Russia.

The attackers, on the other hand, seem to be located in the United States,
based on the IP addresses where the exfiltrated data was relayed.

These things were enough for the researchers to ask if this was a US-backed
threat actor targeting Russia, probably due to currently strained
geo-political relations between the two powers.

But npm, as a platform, is not Russian, or managed by the Russians. The npm
platform is run by npm, Inc., a company that was originally independent but
is now a subsidiary of GitHub, which itself is owned by Microsoft.

Still, Russia has multiple state-sponsored and affiliated threat actors known
to target cryptocurrency users, or large enterprises which are then forced to
make ransom payments in crypto. Groups such as Evil Corp, Sandworm, and APT28
(Fancy Bear) have been linked to campaigns that either exfiltrate
cryptocurrency or deploy ransomware for financial gain.

Therefore, it is not too far-fetched to speculate if this attack was aimed at
crypto criminals, as well as regular crypto developers.

Via The Register

======================================================================
Link to news story:
https://www.techradar.com/pro/security/are-they-brave-or-stupid-malware-target
ing-russian-crypto-hackers-found

$$
--- SBBSecho 3.28-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)

You are viewing proxied material from vert.synchro.net. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.