🚀 Security Alert: GitHub Project Exploited in Cryptocurrency Theft
#SecurityAlert #GitHub #CryptocurrencyTheft #OpenSource #MaliciousCode #NodeJS #AssetTheft #CyberSecurity #SocialEngineering #SlowMist #Caution #Isolation #PrivateKey #SOL
According to PANews, a security incident involving a GitHub-hosted open-source project has resulted in the theft of cryptocurrency assets. On July 2, a victim reported using the project named zldp2002/solana-pumpfun-bot, which led to the unauthorized access and theft of their digital assets. The SlowMist security team analyzed the attack, revealing that the perpetrators disguised the malicious code as a legitimate open-source project. This deception encouraged users to download and execute the harmful Node.js project, which contained malicious dependencies. As a result, users' wallet private keys were compromised, leading to asset theft.
The attack involved multiple GitHub accounts working in coordination, which expanded the reach and credibility of the malicious project, making it highly deceptive. This type of attack combines social engineering with technical methods, making it challenging to defend against even within organizations.
SlowMist advises developers and users to exercise extreme caution when dealing with unfamiliar GitHub projects, especially those involving wallet or private key operations. It is recommended to run and debug such projects in isolated environments without sensitive data to mitigate risks.
🚀 Malicious Code Discovered in GitHub Project Template
#MaliciousCode #GitHub #Cybersecurity #Trojan #Cryptocurrency #Scam #DeveloperCaution #V2EX
According to PANews, a user named evada recently reported on the V2EX website that during a job application process, they were asked to use a GitHub project template provided by the recruiter. It was discovered that the project contained malicious code. Specifically, the logo.png file, which appeared to be an image, actually contained executable code. This code was triggered through the config-overrides.js file with the intent to steal local cryptocurrency private keys.
Evada highlighted that the malicious code sends requests to a specific URL to download a trojan file, which is then set to run automatically at startup, making it both stealthy and dangerous. V2EX administrator Livid stated that the account involved has been banned, and GitHub has removed the related malicious repository. Several users commented that this new type of scam targeting programmers is highly deceptive, urging developers to exercise caution when running projects from unknown sources.
🚀 Web3 Job Scam Alert: Malicious Code Disguised as GitHub Repository
#Web3 #JobScam #CyberSecurity #MaliciousCode #GitHub #Backdoor #DataProtection #ITSecurity #Vigilance #ScamAlert
According to PANews, a recent disclosure by SlowMist highlights a scam involving a purported Web3 team from Ukraine. A community member was asked to clone a GitHub repository during a job interview, which they wisely declined.
The analysis revealed that the repository contained a backdoor. If cloned and executed, it would load malicious code, install harmful dependencies, and steal sensitive browser and wallet data, such as Chrome extension storage and potential mnemonic phrases, leaking them to the attacker's server. This incident underscores the importance of vigilance and the need to avoid running unverified code.
🚀 Steam Game BlockBlasters Linked to Malicious Code and Crypto Losses
#BlockBlasters #Steam #maliciouscode #cryptocurrency #crypto #cryptolosses
According to Foresight News, blockchain investigator ZachXBT has reported that the game BlockBlasters on Steam contains malicious code, leading to approximately $150,000 in cryptocurrency losses. The game has been available for download on the Steam platform for over a month.
🚀 Web3 Job Seekers Warned of Malicious Code Traps During Interviews
#Web3 #JobSeekers #MaliciousCode #Cybersecurity #SlowMist #Stealer #CryptoWallets #Bitbucket #PrivateKeys #CyberThreats
According to Odaily, Web3 job seekers have been cautioned about potential malicious code traps during interviews. The warning comes from SlowMist's Cosine, who highlighted an incident where attackers impersonated @seracleofficial, instructing candidates to review and execute code hosted on Bitbucket. Once the victims cloned the code, the program immediately scanned all local .env files, stealing private keys and other sensitive information.
SlowMist experts identified this type of backdoor as a typical stealer, capable of collecting passwords saved in browsers, mnemonic phrases, and private keys from crypto wallets. They emphasized the importance of reviewing suspicious code in isolated environments rather than executing it directly on real devices, which could lead to attacks.
🚀 Security Alert Issued Over Malicious Code in Polymarket Trading Bot
#SecurityAlert #MaliciousCode #Polymarket #TradingBot #Cybersecurity #SlowMist #WalletTheft #GitHub
According to BlockBeats, a security warning has been issued by SlowMist Technology's Chief Information Security Officer, 23pds, regarding malicious code hidden in a Polymarket trading bot program. The program, known as 'polymarket-copy-trading-bot,' was found to contain code that automatically reads users' '.env' files, which include wallet private keys, leading to potential theft of funds. The developer of this program has repeatedly modified and submitted the code on GitHub, intentionally concealing the malicious package.
🚀 GitHub Project Compromised by Malicious Code
#GitHub #MaliciousCode #PolymarketCopyTradingBot #AssetTheft #CyberSecurity #WalletPrivateKeys #Hacker #ExcluderMcpPackage
According to Odaily, the GitHub project known as polymarket-copy-trading-bot has been compromised by malicious code. The program is designed to automatically access the user's .env file upon startup, extracting wallet private keys. These keys are then transmitted to a hacker's server through a concealed malicious dependency package, excluder-mcp-package@1.0.4, resulting in asset theft.
🚀 Trust Wallet Compensates Users After Security Breach
#TrustWallet #SecurityBreach #APIKeyLeak #MaliciousCode #Compensation #WalletAddresses #AssetsTheft #Sha1HuludAttack #ChromeWebStoreAPI #GitHubCredentials #UserClaims #FixedVersion #WalletSecurity
According to Odaily, a security breach occurred in the Trust Wallet Browser Extension v2.68 between December 24 and 26, 2025, due to an API key leak that led to the upload of malicious code. This incident affected 2,520 wallet addresses, resulting in the theft of approximately $8.5 million in assets. Investigations revealed a connection to the Sha1-Hulud supply chain attack in November, where attackers gained access to the Chrome Web Store API using leaked GitHub credentials.
Trust Wallet has voluntarily decided to compensate affected users and is finalizing the compensation workflow and ownership verification process. The company has begun reaching out to victims who have contacted them officially. Trust Wallet advises affected users to transfer their funds to new wallets immediately and submit claims through the official form. Over 5,000 claims have been received, and the team is reviewing each case individually. Additionally, Trust Wallet has released a fixed version 2.69 and disabled the relevant publishing permissions and credentials.
🚀 Trust Wallet Relaunches Chrome Extension and Updates to Version 2.71.0
#TrustWallet #ChromeExtension #Version2.71.0 #CompensationProcess #SecurityIncident #MaliciousCode #Bitcoin #ETH #SOL #CustomerServiceVerification #BTC
According to Odaily, Trust Wallet announced on the X platform that its browser extension is now available again on the Chrome Web Store. Additionally, version 2.71.0 has been released, featuring customer service verification code support to assist with the claims process.
Previously, Trust Wallet initiated a compensation process for victims of a security incident involving its Chrome browser extension. This incident was caused by malicious code embedded in version 2.68 of the software, resulting in the theft of approximately $7 million in assets, including Bitcoin, ETH, and SOL.
🚀 Holdstation Faces Supply Chain Attack Resulting in Significant Losses
#supplychainattack #cybersecurity #userfunds #usdt #accountabstraction #maliciouscode #securitybreach #blockchain #bugbounty
Holdstation, a provider of account abstraction solutions, has experienced a supply chain attack, according to ChainCatcher. The attack involved the theft of developer session tokens, allowing the attacker to bypass two-factor authentication and inject malicious code into an application update, leading to the theft of user funds.
The attack resulted in a loss of 462,000 USDT, with the attacker's address identified as 0xcbfA60B39cfAeaE475f649fB6705bD477219bF8d. In response, the Holdstation team has suspended services and pledged to fully compensate affected users. They are collaborating with security teams to investigate the incident and have issued a message on the blockchain, hoping to encourage the attacker to return the funds through a bug bounty program.
🚀 Supply Chain Attack Targets PyPI Package LiteLLM with Malicious Code
#SupplyChainAttack #PyPI #LiteLLM #MaliciousCode #CyberSecurity #DataBreach #CloudSecurity #Kubernetes #CryptoSecurity #CI_CD #DatabaseSecurity
A recent supply chain attack has compromised the PyPI package LiteLLM, which is downloaded approximately 97 million times monthly. According to NS3.AI, the malicious version of the package was designed to steal sensitive information, including SSH keys, cloud credentials, Kubernetes files, git credentials, environment variables, cryptocurrency wallets, SSL private keys, CI/CD keys, and database passwords. The attack was short-lived, as the malicious code was available for less than an hour. A bug in the implant led to developer Callum McMahon's machine running out of memory and crashing, inadvertently revealing the attack.
🚀 Apifox Desktop Client Faces Supply Chain Attack with Malicious Code Injection
#Apifox #DesktopClient #SupplyChainAttack #MaliciousCode #JavaScript #CredentialTheft #SensitiveDataExposure #RemoteCommandExecution #SecurityBreach #SlowMist #CyberSecurity #APILogs #TokenRevoke #PasswordReset #APIReview
Apifox's desktop client has been targeted in a supply chain attack, according to PANews. The official CDN-hosted front-end script files were injected with highly obfuscated malicious JavaScript code. Users affected by this breach may face risks such as credential theft, sensitive data exposure, and remote command execution, with the malicious code executing automatically and remaining highly concealed.
Security firm SlowMist advises users to immediately revoke all tokens, reset passwords, log out and log back in to invalidate sessions, block the domain *.apifox.it.com, clear local storage, and review API logs and any abnormal activities.
🚀 Security Concerns Raised Over AI Model API Proxy Services
#security #AI #API #maliciouscode #dataprivacy #NS3AI #AWS
A security research team has identified malicious code injections in 26 out of over 400 unofficial AI model API proxy services examined. According to NS3.AI, the report highlights the potential risks associated with these intermediary services, which can modify AI-generated code and compromise sensitive data, including AWS keys.
🚀 AI TRENDS | University of California Study Reveals Security Risks in Third-Party LLM Routers
#AI #securityrisks #thirdpartyLLM #maliciouscode #credentials #AIagents #UCstudy #smartcontracts #wallets #privatekeys #seedphrases #cybersecurity #ETH
Researchers at the University of California have identified security vulnerabilities in 26 third-party large language model (LLM) routers, which can potentially inject malicious code or steal credentials from AI agent traffic. According to NS3.AI, the study highlighted that one of these routers was able to drain Ether from a decoy wallet, although the reported financial loss remained under $50. The research paper cautioned developers who utilize AI coding agents for smart contracts or wallets, noting that private keys or seed phrases could be exposed when requests are routed through unscreened routers.