PANews 4月11日消息,据Cointelegraph报道,网络安全人员发现最新威胁,针对Atomic钱包和Exodus钱包用户的攻击者正将恶意软件包上传至在线代码存储库,意图窃取加密货币私钥。ReversingLabs安全研究人员指出,该漏洞利用手段通过将恶意代码隐藏在看似合法的npm软件包中实施攻击,这些预先构建的代码包被软件开发人员广泛使用。
恶意软件包通过安装补丁程序锁定本地安装的Atomic钱包和Exodus钱包文件,覆盖原有文件以篡改用户界面,诱导不知情受害者将加密货币转账至诈骗地址。随着加密货币行业持续与黑客上演猫鼠游戏,软件供应链攻击正成为针对持币者的新型威胁载体——攻击者采用日益复杂的规避检测手段,试图窃取用户资金。
Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.