THREAT OPS › Threat News › Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages
Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages
Unknown threat actors compromised the Injective Labs SDK project's GitHub repository and leveraged it to publish a malicious package on the npm registry to steal cryptocurrency wallet private keys and mnemonic seed phrases.
The compromised version, @injectivelabs/sdk-ts@1.20.21, came embedded with fake telemetry functionality that exfiltrated data from cryptocurrency wallets. The version was
MITRE ATT&CK techniques
- Private KeysT1552.004
- Malicious PackageAML.T0011.001