加密货币窃取程序 TrapDoor 正攻击三大代码仓库,34 个恶意软件包被检出
ChainCatcher 消息,安全公司 Socket Security 披露,一场名为 TrapDoor 的加密货币窃取活动正在 npm、PyPI 和 Crates.io 等软件包仓库中发起主动供应链攻击。目前已发现 34 个恶意软件包和 384 个版本及构件,攻击者持续在各生态系统中推送新版本。
TrapDoor 主要针对加密货币、DeFi、AI 和安全领域的开发者,窃取钱包、SSH 密钥、云凭证、GitHub 令牌、浏览器数据、环境变量和 API 密钥。Socket 检测到恶意版本的中位检测时间为 5 分 27 秒,最快检测发生在发布后 58 秒。
Disclaimer: OKX Orbit content is provided for informational purposes only. Learn more
Replies
Related Flash News
Blockbeats•14m agoMusk: The base model of Grok, V9-Medium (1.5T), is expected to be officially released in 2 to 3 weeks
Blockbeats•24m agoCrude oil prices plummeted, crypto KOL CBB0FE heavily shorted with a floating profit of $1.26 million
Blockbeats•27m agoThe Solana ecosystem meme coin ASTEROID rebounded 48% intraday, while the Ethereum ecosystem version experienced slight pressure and pulled back
币界网•1h agoU.S. Secretary of State: The U.S. and Iran have reliable solutions on the strait and nuclear issues
Blockbeats•1h agoHyperliquid's whale is bearish on SpaceX's implied valuation before listing, with the market value difference between the two pre-IPO contracts reaching $137 billion
ChainCatcher•1h agoWu Jihan: European photovoltaic power generation has exceeded system flexibility and capacity; Bitcoin mining can act as the "last buyer"
Odaily•2h agoThe US and Iran have reached an agreement on the full opening of the Strait of Hormuz
ChainCatcher•3h agoData: XRP spot ETFs saw a net inflow of $22.04 million last week
ChainCatcher•3h agoData: SOL spot ETFs saw a net inflow of $15.63 million last week
Odaily•3h agoAnalyst: Progress in the Iran agreement could trigger a significant reversal in dollar positions