加密货币窃取程序 TrapDoor 正攻击三大代码仓库,34 个恶意软件包被检出
ChainCatcher 消息,安全公司 Socket Security 披露,一场名为 TrapDoor 的加密货币窃取活动正在 npm、PyPI 和 Crates.io 等软件包仓库中发起主动供应链攻击。目前已发现 34 个恶意软件包和 384 个版本及构件,攻击者持续在各生态系统中推送新版本。
TrapDoor 主要针对加密货币、DeFi、AI 和安全领域的开发者,窃取钱包、SSH 密钥、云凭证、GitHub 令牌、浏览器数据、环境变量和 API 密钥。Socket 检测到恶意版本的中位检测时间为 5 分 27 秒,最快检测发生在发布后 58 秒。
Disclaimer: OKX Orbit content is provided for informational purposes only. Learn more
Replies
Related Flash News
Odaily•19m agoQatari media: The Strait of Hormuz will be opened in phases
Blockbeats•31m agoBitcoin may stage an "$80,000 short squeeze," analysts warn that a larger liquidation storm is approaching
ChainCatcher•41m agoBinance will remove some leveraged trading pairs
ChainCatcher•42m agoPeckShield:WUSD/GLOVE 遭攻击损失约 20.7 万美元
ChainCatcher•46m agoA New York lawsuit seeks to claim ownership of 39,000 dormant Bitcoin addresses, involving Satoshi Nakamoto's holdings
Blockbeats•2h agoIndonesia blocked Polymarket on suspicion of online gambling
ChainCatcher•2h agoBlackRock analyst: Under Walsh's leadership, the Fed may support rate cuts
ChainCatcher•2h agoData: Over $25 million in assets crossed from other chains to Solana in the past 7 days
Blockbeats•2h ago"Today's largest BTC position" was led by over 36.9 million orders, with the whale's stop-loss set at $73,800
Odaily•2h agoIOSG Ventures did not sell UNI and COMP; the related address was labeled with an error in Arkham