CYFIRMA Research

CYFIRMA Research: New NPM Supply Chain Campaign Identified- A Multi-Stage Cryptocurrency Malware with More Than 2.7 million Downloads

CYFIRMA

Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.

0:00 | 6:40

Alert : Major NPM Supply Chain Attack Exposed: 2.7M+ Downloads Impacted

CYFIRMA Researchers identified 11 malicious npm packages targeting blockchain and Web3 developers, highlighting the growing risks within the open-source software supply chain.

The attack demonstrates how a single typo or unverified dependency can introduce malicious code into development workflows. As Web3 adoption grows, software supply chains continue to be a high-value target for threat actors seeking access to sensitive credentials and digital assets.

Organizations should strengthen dependency validation, continuously monitor open-source components, and enforce security controls across development pipelines.

Link to the Research Report: https://www.cyfirma.com/research/new-npm-supply-chain-campaign-identified-a-multi-stage-cryptocurrency-malware-with-more-than-2-7-million-downloads/

#CYFIRMA #CyfirmaResearch #CyberSecurity #ThreatIntelligence #SupplyChainSecurity #OpenSourceSecurity #npm #Web3 #Blockchain #MalwareAnalysis #DevSecOps #ApplicationSecurity #SoftwareSupplyChain #ThreatResearch #InfoSec #ETLM #ExternalThreatLandscapeManagement

https://www.cyfirma.com/