The attackers reportedly used Hugging Face repositories to exfiltrate stolen information, making the activity harder to detect. The campaign now forms part of the ongoing software supply-chain risks for developers and crypto users, particularly those storing wallet credentials, API keys, and other sensitive assets on development machines. Microsoft Exposes New Malware Campaign Microsoft warned that cybercriminals are targeting developers and cryptocurrency users through malicious software hidden inside public npm packages. According to Microsoft Threat Intelligence, two compromised npm packages, identified as utils-terminal@3.2.1 and logger-active@3.2.1, were discovered distributing a remote access trojan (RAT) capable of stealing sensitive information from infected systems. The malicious packages were reportedly designed to collect a wide range of data, including keystrokes, screenshots, cryptocurrency wallet credentials, and other confidential information. Since npm is one of the most widely used software registries for JavaScript developers, the threat has the potential to impact a large number of users who unknowingly install compromised dependencies while building applications or web services. Microsoft explained that the attackers used Hugging Face, a popular platform for artificial intelligence and machine learning projects, as part of their data exfiltration process. By routing stolen information through a trusted platform, the malicious activity may appear less suspicious than communications with traditional command-and-control servers, making detection more difficult for security teams. The threat is particularly concerning for crypto developers and investors. Developer workstations often contain browser-based crypto wallets, private keys, seed phrase backups, exchange API credentials, GitHub access tokens, and cloud service credentials. If attackers gain access to these assets, they could potentially compromise cryptocurrency holdings, development environments, trading systems, and source code repositories. Microsoft’s findings also align with a trend of attacks targeting software supply chains. In May, security researchers uncovered the TrapDoor malware campaign, which spread through dozens of malicious packages across npm, PyPI, and Rust repositories. That operation specifically targeted crypto and artificial intelligence developers by attempting to steal wallet data, cloud credentials, API keys, and SSH access. Blog post from Socket research team The latest warning also follows another recent report from Microsoft involving cryptojacking malware. In that campaign, attackers allegedly used poisoned search results and manipulated AI chatbot interactions to direct users toward fake software downloads. Once installed, the malicious programs leveraged system resources to mine cryptocurrency without the victims’ knowledge. Security experts recommend that developers carefully review newly installed packages, remove suspicious dependencies, rotate potentially exposed credentials, and monitor wallet activity for unauthorized transactions. Crypto users are also advised to avoid storing seed phrases on internet-connected devices and to thoroughly verify all wallet transactions before approving them.
US SEC and CFTC Sign MoU to Coordinate Crypto Regulation and...
Kraken Announces Pi Network Listing Ahead of Pi Day PI Price...
UEX US Expands Its Ecosystem: A Platform Where Digital Asset...
XRP Price Prediction: Can Bulls Push XRP Above $2 After This...
ETH News: Why Institutions Keep Choosing Ethereum Over Other...
Trump-Linked WLFI Launches World Swap Forex Platform
Thailand Approves Bitcoin for Derivatives Market, Crypto ETF...
Coinbase CEO Brian Armstrong Sells $550M in Shares as COIN S...
