加密货币窃取程序 TrapDoor 正攻击三大代码仓库,34 个恶意软件包被检出
ChainCatcher 消息,安全公司 Socket Security 披露,一场名为 TrapDoor 的加密货币窃取活动正在 npm、PyPI 和 Crates.io 等软件包仓库中发起主动供应链攻击。目前已发现 34 个恶意软件包和 384 个版本及构件,攻击者持续在各生态系统中推送新版本。
TrapDoor 主要针对加密货币、DeFi、AI 和安全领域的开发者,窃取钱包、SSH 密钥、云凭证、GitHub 令牌、浏览器数据、环境变量和 API 密钥。Socket 检测到恶意版本的中位检测时间为 5 分 27 秒,最快检测发生在发布后 58 秒。
Disclaimer: OKX Orbit content is provided for informational purposes only. Learn more
Replies
Related Flash News
Odaily•1h agoThe US and Iran have reached an agreement on the full opening of the Strait of Hormuz
ChainCatcher•1h agoData: XRP spot ETFs saw a net inflow of $22.04 million last week
ChainCatcher•1h agoData: SOL spot ETFs saw a net inflow of $15.63 million last week
Odaily•1h agoAnalyst: Progress in the Iran agreement could trigger a significant reversal in dollar positions
Blockbeats•1h agoThe largest on-chain ETH long position with $252 million remains under pressure, with a floating loss of $19.3 million
Odaily•1h agoAfter liquidating the long positions of Maji Big Brother's Ethereum position, he continued to increase his position, currently holding 5,950 ETH
ChainCatcher•1h agoEamonn Sheridan: Fed hawkish shift to squeeze Wash's rate cut options
ChainCatcher•1h agoAnalysis: Ethereum's market cap share is declining, signaling a structural shift in the market
Blockbeats•2h agoAptos has approved and implemented three tokenomics optimization proposals
Blockbeats•3h agoThe two wallet addresses withdrew 3.4% of SAHARA's circulating supply from CEXs this morning