Injective software package hit by malicious supply chain attack – Details
The post Injective software package hit by malicious supply chain attack – Details appeared on BitcoinEthereumNews.com. Software supply chain attacks have become more common, with attackers increasingly targeting trusted developer tools instead of end users. In the latest incident, attackers compromised a trusted Injective Labs software package to steal developers’ wallet credentials. Source: Socket How did Injective SDK attack unfold? The attacker uploaded a malicious version of the TypeScript SDK, @injectivelabs/sdk-ts v1.20.21, to npm. The package was designed for building Injective applications, creating wallets, and signing transactions. The attacker then gained access to a legitimate Injective Labs contributor’s GitHub account and distributed malicious commits. One test branch was named “test-backdoor-check.” Under the guise of telemetry, the attacker published the compromised package to npm. Instead of collecting usage data, the malware extracted private keys and mnemonic seed p