Several malicious packages have been identified on npm and PyPI that pose as developer tools while stealing cryptocurrency wallet credentials. These include react-native-scrollpageviewtest, web3x, and herewalletbot, with thousands of downloads. They use sophisticated methods to exfiltrate sensitive information through channels like Google Analytics and Telegram bots, highlighting vulnerabilities in the software supply chain.
Docker Malware Exploits Teneo Web3 Node to Earn Crypto via Fake Heartbeat Signals
Cybersecurity researchers have identified a new malware campaign that targets Docker environments by using a novel method to mine cryptocurrency. This involves deploying a malware
