Svmuu reported that according to SlowMist's monitoring, MistEye detected a cross-registry supply chain attack targeting developers. The attackers deployed malicious packages through npm, PyPI, and Crates.io to carry out the attack. This campaign involves over 34 malicious packages and more than 384 related versions, targeting communities including crypto, DeFi, Solana, Sui/Move, and AI developers.
Potential attacker activities include stealing cryptocurrency wallets, SSH keys, cloud credentials, GitHub/AWS tokens, browser data, environment variables, and developer keys. Some payloads also attempted to achieve persistence through .cursorrules, CLAUDE.md, Git hooks, Shell hooks, cron, systemd, and SSH.
SlowMist recommends immediately removing the affected packages, isolating the impacted systems, retaining logs, rotating exposed credentials, rebuilding CI runners and developer machines from clean images, and reviewing GitHub, cloud, SSH, and wallet activity.
Disclaimer:All content on this platform is sourced from the internet and is provided for informational purposes only. None of the content represents the views of this site, nor does it constitute investment advice. Please exercise caution when investing.
Faster global financial news!
SlowMist: Cross-platform supply chain attacks targeting crypto developers have been detected, involving more than 34 malicious packages
25/05/2026 04:26
Complaint Report
Complaint Report
Disclaimer: This content reflects the author's personal views only and does not constitute investment advice. If you find any violations, please Click to Report
24H Trending
-
Iranian Foreign Ministry: Iran and the U.S. Reach Agreement
-
Binance Seven U-denominated perpetual contracts, including LRCX and KLAC, will be launched
-
Gate's Stock Contracts Section Launches Trading for 8 Perpetual Contracts, Including ADSK (Autodesk) and BKNG (Booking.com Holdings)
-
Learn More About the ALTHEA Token (ALTH) and Its Decentralized Network
-
After going long on crude oil with 10x leverage, the position is showing a paper loss of $1.33 million; a certain address holds CL long positions worth $37.77 million
-
The OKX DEX xStocks Trading Competition is currently underway, with a total prize pool of 300,000 USDC
-
Morgan Stanley Updates Ethereum and Solana ETF Filings, Proposing a 0.14% Fee
-
Iranian media report that Iran-U.S. negotiations have resulted in five key points
-
A "smart money" investor bet $320,000 on Argentina to beat Austria in the World Cup group stage
-
OKX’s World Cup Prediction Ecosystem Partners Continue to Step Up Their Support, Adding an Additional 380,000 U in a Dedicated Prize Pool for 8 Matches This Week
Recommended Reading
Hot Topics
Svmuu focuses on blockchain industry trends and cutting-edge cryptocurrency news, while also covering real-time market data and in-depth analysis of the Hong Kong, U.S., and foreign exchange markets. Here, you can not only access professional 24/7 news updates and accurate market data, but also utilize practical investment tools to help you capitalize on opportunities in both digital assets and traditional financial markets. Whether you are a blockchain enthusiast or an investor in Hong Kong, U.S., or foreign exchange markets, we provide efficient and timely information services to empower your investment decisions.
Scan to Download App
