BusinessPostCorner.com
No Result
View All Result
Sunday, June 1, 2025
  • Home
  • Business
  • Finance
  • Accounting
  • Tax
  • Management
  • Marketing
  • Crypto News
  • Human Resources
BusinessPostCorner.com
  • Home
  • Business
  • Finance
  • Accounting
  • Tax
  • Management
  • Marketing
  • Crypto News
  • Human Resources
No Result
View All Result
BusinessPostCorner.com
No Result
View All Result

New Malicious Campaign Targets Atomic and Exodus Wallets

April 11, 2025
in Crypto News
Reading Time: 4 mins read
A A
0
New Malicious Campaign Targets Atomic and Exodus Wallets
ShareShareShareShareShare

The security firm ReversingLabs’ research team has discovered yet another campaign targeting specific versions of the popular crypto wallets Exodus and Atomic.

According to the report, threat actors “have been targeting the cryptocurrency community hard lately.” They’re using various methods to hijack popular and legitimate crypto packages to loot people’s wallets.

However, the researchers highlight that hijacking open-source packages is difficult due to the size of the open-source software (OSS) developer community. The tampered-with OSS packages will be detected.

🧵 RL researchers have identified yet another #npm package that uses malicious patching of local software to hijack #cryptocurrency transfers. Get the full story.👇 https://t.co/lbyNR5cp8Z

— ReversingLabs (@ReversingLabs) April 10, 2025

Therefore, threat actors are working hard to make their methods more obscure. A new technique that ReversingLabs discovered is uploading packages to OSS repositories and having them apply malicious ‘patches’ to local versions of legitimate libraries.

The goal is the same: install an unnoticeable malicious code in a popular, trusted local library.

The researchers found “a number of campaigns” in recent weeks attempting this strategy. Notably, on 1 April, a malicious entity published a package, pdf-to-office, to the npm package manager. This package posed as a library for converting PDF to Microsoft Office documents.

Once executed, it would inject malicious code into locally installed Atomic Wallet and Exodus. It would overwrite existing files. “Effectively, a victim who tried to send crypto funds to another wallet would have the intended destination address swapped out for one belonging to the malicious actor,” the report states.

List of TH policies in package pdf-to-office@1.0.2. Source: ReversingLabs

Additionally, this campaign is quite similar to the one the researchers discussed in a research post in March.

In both of these cases, the malicious campaign had no effect on the official Atomic Wallet and Exodus Wallet installers available on the websites.

You might also like
N.Korean Hackers Boost Crypto-Looting Methods: Hiding Malware in GitHub, NPM Packages

Aiming for Specific Wallet Versions

ReversingLabs first detected the pdf-to-office package after its update to npm on 1 April. It was removed soon after detection. But a couple of days later, the threat actor published a new version that looked like the first one. They released three versions of the package over a few weeks in March and April with the same functionality.

The malicious payload worked to detect the presence of the atomic/resources/app.asar archive inside AppData/Local/Programs directory. Finding it would mean that the unsuspecting user installed Atomic Wallet on their now-infected computer.

Then, the malicious code searched for the archive to overwrite one of its files with a trojanized version that changes the outgoing crypto address. Now, the funds would go straight to the threat actor’s wallet.

“That was the only difference between the legitimate and trojanized file, except that the malicious version of the file was not minified,” the report notes.

The difference between a legitimate and trojanized file. Source: ReversingLabs

Additionally, the threat actors focused on specific versions of Atomic. The attack code would adjust which files were overwritten based on the wallet version it found.

Moreover, there was a malicious payload that attempted to inject a trojanized file inside a legitimate, locally-installed Exodus wallet. It targeted the two latest versions of Exodus.

Also, if the victim removed the package pdf-to-office from the computer, the Web3 wallets’ software would still remain compromised. This means it would continue directing crypto to the attackers’ wallet.

“The only way to completely remove the malicious trojanized files from the Web3 wallets’ software would be to remove them completely from the computer and re-install them,” ReversingLabs concludes.

Meanwhile, North Korea’s Lazarus group has been targeting crypto developers via npm supply chain attacks for months in a highly sophisticated global campaign to steal funds and data.

You might also like
Crypto Mining Malware and Open Source Malware Packages Doubled in Q1 2025

The post New Malicious Campaign Targets Atomic and Exodus Wallets appeared first on Cryptonews.


Credit: Source link

ShareTweetSendPinShare
Previous Post

Web3 Longevity Protocols Want to Help Users Live Longer More Affordably

Next Post

Trump’s Global Tariffs Impact Even Large Bitcoin Miners

Next Post
Trump’s Global Tariffs Impact Even Large Bitcoin Miners

Trump’s Global Tariffs Impact Even Large Bitcoin Miners

FTX Recovery Trust Begins B Second Payout to Creditors

FTX Recovery Trust Begins $5B Second Payout to Creditors

May 31, 2025
Tesla tested its robotaxi with Austin employees on a closed-street last week, but city officials and first responders say they’re still waiting for key info ahead of June launch

Tesla tested its robotaxi with Austin employees on a closed-street last week, but city officials and first responders say they’re still waiting for key info ahead of June launch

May 26, 2025
Gen Z and boomers are driving a leadership vacuum that’s threatening productivity and morale at work

Gen Z and boomers are driving a leadership vacuum that’s threatening productivity and morale at work

May 31, 2025
Creating in-roads with millennial and Gen Z employees

Creating in-roads with millennial and Gen Z employees

May 30, 2025
Costco takes a page from rival Sam’s Club to speed up checkout in its warehouses with ‘Scan & Pay’

Costco takes a page from rival Sam’s Club to speed up checkout in its warehouses with ‘Scan & Pay’

May 30, 2025
US goods imports tumble 20% in April as Trump’s tariffs disrupt trade

US goods imports tumble 20% in April as Trump’s tariffs disrupt trade

May 30, 2025
BusinessPostCorner.com

BusinessPostCorner.com is an online news portal that aims to share the latest news about following topics: Accounting, Tax, Business, Finance, Crypto, Management, Human resources and Marketing. Feel free to get in touch with us!

Recent News

Big Tech is back in S&P 500 driver’s seat as profit engines hum

Big Tech is back in S&P 500 driver’s seat as profit engines hum

June 1, 2025
Pro-EU candidate takes narrow lead in Polish presidential election, exit poll says

Pro-EU candidate takes narrow lead in Polish presidential election, exit poll says

June 1, 2025

Our Newsletter!

Loading
  • Contact Us
  • Privacy Policy
  • Terms of Use
  • DMCA

© 2023 businesspostcorner.com - All Rights Reserved!

No Result
View All Result
  • Home
  • Business
  • Finance
  • Accounting
  • Tax
  • Management
  • Marketing
  • Crypto News
  • Human Resources

© 2023 businesspostcorner.com - All Rights Reserved!