
blog.phylum.io/dormant-npm-package-update-targets-ethereum-private-keys
Preview meta tags from the blog.phylum.io website.
Linked Hostnames (11)
- 6 links to blog.phylum.io
- 1 link to app.phylum.io
- 1 link to discord.gg
- 1 link to docs.phylum.io
- 1 link to github.com
- 1 link to hardhat.com
- 1 link to news.ycombinator.com
- 1 link to phylum.io
Search Engine Appearance
Dormant npm Package Update Targets Ethereum Private Keys
On the afternoon of September 1, 2023 Phylum's automated risk detection platform flagged two new publications of the https://app.phylum.io/package/npm/hardhat-gas-report/1.1.17 package. It turns out these updates included a stealthy clipboard monitor with a persistence mechanism attempting to exfiltrate Ethereum private keys to
General Meta Tags (9)
- title: Dormant npm Package Update Targets Ethereum Private Keys
- charset: utf-8
- viewport: width=device-width, initial-scale=1
- referrer: no-referrer-when-downgrade
- article:published_time: 2023-09-02T14:00:12.000Z
Open Graph Meta Tags (8)
- og:site_name: Phylum Research | Software Supply Chain Security
- og:type: article
- og:title: Dormant npm Package Update Targets Ethereum Private Keys
- og:description: On the afternoon of September 1, 2023 Phylum's automated risk detection platform flagged two new publications of the https://app.phylum.io/package/npm/hardhat-gas-report/1.1.17 package. It turns out these updates included a stealthy clipboard monitor with a persistence mechanism attempting to exfiltrate Ethereum private keys to
- og:url: https://blog.phylum.io/dormant-npm-package-update-targets-ethereum-private-keys/
Twitter Meta Tags (11)
- twitter:card: summary_large_image
- twitter:title: Malious update released for previously benign npm package
- twitter:description: A package lay dormant for 8 months before receiving a malicious update. Compromise or patient attacker?
- twitter:url: https://blog.phylum.io/dormant-npm-package-update-targets-ethereum-private-keys/
- twitter:image: https://blog.phylum.io/content/images/size/w1200/2023/09/zombiehand-1.png
Link Tags (12)
- alternate: https://blog.phylum.io/rss/
- canonical: https://blog.phylum.io/dormant-npm-package-update-targets-ethereum-private-keys/
- icon: https://blog.phylum.io/content/images/size/w256h256/2023/03/phylum-logo.png
- preconnect: https://fonts.googleapis.com
- preconnect: https://fonts.gstatic.com
Links (16)
- http://hardhat.com/?ref=blog.phylum.io
- https://app.phylum.io/package/npm/hardhat-gas-report/1.1.17?ref=blog.phylum.io
- https://blog.phylum.io/author/phylum-research-team
- https://blog.phylum.io/python-crypto-library-updated-to-steal-private-keys
- https://blog.phylum.io/q3-2024-evolution-of-software-supply-chain-security-report