blog.phylum.io/dormant-npm-package-update-targets-ethereum-private-keys

Preview meta tags from the blog.phylum.io website.

Linked Hostnames

11

Thumbnail

Search Engine Appearance

Google

https://blog.phylum.io/dormant-npm-package-update-targets-ethereum-private-keys

Dormant npm Package Update Targets Ethereum Private Keys

On the afternoon of September 1, 2023 Phylum's automated risk detection platform flagged two new publications of the https://app.phylum.io/package/npm/hardhat-gas-report/1.1.17 package. It turns out these updates included a stealthy clipboard monitor with a persistence mechanism attempting to exfiltrate Ethereum private keys to



Bing

Dormant npm Package Update Targets Ethereum Private Keys

https://blog.phylum.io/dormant-npm-package-update-targets-ethereum-private-keys

On the afternoon of September 1, 2023 Phylum's automated risk detection platform flagged two new publications of the https://app.phylum.io/package/npm/hardhat-gas-report/1.1.17 package. It turns out these updates included a stealthy clipboard monitor with a persistence mechanism attempting to exfiltrate Ethereum private keys to



DuckDuckGo

https://blog.phylum.io/dormant-npm-package-update-targets-ethereum-private-keys

Dormant npm Package Update Targets Ethereum Private Keys

On the afternoon of September 1, 2023 Phylum's automated risk detection platform flagged two new publications of the https://app.phylum.io/package/npm/hardhat-gas-report/1.1.17 package. It turns out these updates included a stealthy clipboard monitor with a persistence mechanism attempting to exfiltrate Ethereum private keys to

  • General Meta Tags

    9
    • title
      Dormant npm Package Update Targets Ethereum Private Keys
    • charset
      utf-8
    • viewport
      width=device-width, initial-scale=1
    • referrer
      no-referrer-when-downgrade
    • article:published_time
      2023-09-02T14:00:12.000Z
  • Open Graph Meta Tags

    8
    • og:site_name
      Phylum Research | Software Supply Chain Security
    • og:type
      article
    • og:title
      Dormant npm Package Update Targets Ethereum Private Keys
    • og:description
      On the afternoon of September 1, 2023 Phylum's automated risk detection platform flagged two new publications of the https://app.phylum.io/package/npm/hardhat-gas-report/1.1.17 package. It turns out these updates included a stealthy clipboard monitor with a persistence mechanism attempting to exfiltrate Ethereum private keys to
    • og:url
      https://blog.phylum.io/dormant-npm-package-update-targets-ethereum-private-keys/
  • Twitter Meta Tags

    11
    • twitter:card
      summary_large_image
    • twitter:title
      Malious update released for previously benign npm package
    • twitter:description
      A package lay dormant for 8 months before receiving a malicious update. Compromise or patient attacker?
    • twitter:url
      https://blog.phylum.io/dormant-npm-package-update-targets-ethereum-private-keys/
    • twitter:image
      https://blog.phylum.io/content/images/size/w1200/2023/09/zombiehand-1.png
  • Link Tags

    12
    • alternate
      https://blog.phylum.io/rss/
    • canonical
      https://blog.phylum.io/dormant-npm-package-update-targets-ethereum-private-keys/
    • icon
      https://blog.phylum.io/content/images/size/w256h256/2023/03/phylum-logo.png
    • preconnect
      https://fonts.googleapis.com
    • preconnect
      https://fonts.gstatic.com

Links

16