Cybersecurity researchers have identified a significant threat within the npm ecosystem: three malicious packages designed to deploy a previously undocumented malware dubbed NodeCordRAT. This discovery highlights an ongoing risk targeting Web3 software supply chains. The packages, uploaded by a user named “wenmoonx,” masqueraded as legitimate Bitcoin-related libraries. The affected packages and their reported download counts were:
– bitcoin-main-lib (2,300 Downloads)
– bitcoin-lib-js (193 Downloads)
– bip40 (970 Downloads)
NodeCordRAT functions as a Remote Access Trojan (RAT), enabling attackers to maintain persistence and potentially harvest sensitive data, including credentials vital for wallet access. While these packages had been removed as of November 2025, the substantial number of downloads (totaling approximately 3,400) is a stark reminder of how far a look-alike package can spread before it is taken down. Developers must employ rigorous vetting processes for all dependencies, especially those mimicking popular crypto libraries, to mitigate the risk of sophisticated malware injection.
Source: Researchers Uncover NodeCordRAT Hidden in npm Bitcoin-Themed Packages