CyberHappenings logo
☰
🏠 Home πŸ“‚ Browse ℹ️ About

Track cybersecurity events as they unfold. Sourced timelines, daily updates. Fast, privacy‑respecting. No ads, no tracking.

Malicious npm packages impersonate Flashbots to steal Ethereum wallet keys

First reported
Last updated
πŸ“° 1 unique sources, 1 articles

Summary

Hide β–²

Four malicious npm packages have been identified that impersonate legitimate cryptographic utilities and Flashbots MEV infrastructure. These packages, uploaded by a user named "flashbotts" between September 2023 and August 2025, steal Ethereum wallet credentials from developers. The packages exfiltrate private keys and mnemonic seeds to a Telegram bot controlled by the threat actor. The packages are still available for download and have been downloaded multiple times. The most dangerous package, @flashbotts/ethers-provider-bundle, redirects unsigned transactions to an attacker-controlled wallet and logs metadata from pre-signed transactions. Other packages include functions to transmit mnemonic seed phrases and exfiltrate arbitrary data. The threat actor may be Vietnamese-speaking, as indicated by comments in the source code. The packages exploit developer trust in familiar package names and obscure malicious functionality amidst mostly harmless code.

Timeline

  1. 06.09.2025 09:42 πŸ“° 1 articles Β· ⏱ 10d ago

    Malicious npm packages impersonating Flashbots discovered

    Four malicious npm packages have been identified that impersonate legitimate cryptographic utilities and Flashbots MEV infrastructure. These packages, uploaded by a user named "flashbotts" between September 2023 and August 2025, steal Ethereum wallet credentials from developers. The packages exfiltrate private keys and mnemonic seeds to a Telegram bot controlled by the threat actor. The packages are still available for download and have been downloaded multiple times. The most dangerous package, @flashbotts/ethers-provider-bundle, redirects unsigned transactions to an attacker-controlled wallet and logs metadata from pre-signed transactions. Other packages include functions to transmit mnemonic seed phrases and exfiltrate arbitrary data.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Supply Chain Attack Targeting npm Registry Compromises 40 Packages

A supply chain attack targeting the npm registry has compromised over 187 packages maintained by multiple developers. The attack uses a malicious script (bundle.js) to steal credentials from developer machines. The compromised packages include various npm modules used in different projects. The attack is capable of targeting both Windows and Linux systems. The malicious script scans for secrets using TruffleHog's credential scanner and transmits them to an external server controlled by the attackers. Developers are advised to audit their environments and rotate credentials if the affected packages are present.

Open in new tab

Resurfaced ChillyHell macOS Backdoor Discovered

A new version of the ChillyHell modular backdoor malware targeting macOS has been discovered. The malware, first seen in 2022, was used in attacks against Ukrainian officials and has now resurfaced with updated capabilities. ChillyHell provides remote access, payload delivery, and password brute-forcing. The malware was notarized by Apple in 2021 and has been publicly hosted on Dropbox since then. The malware disguises itself as an executable applet and deploys as a persistent backdoor, capable of retrieving sensitive data and evading detection. It employs multiple persistence mechanisms and can communicate over different protocols. It also features timestamping to cover its tracks. Apple has revoked the notarization of the developer certificates associated with the malware after being notified. ChillyHell is written in C++ and targets Intel architectures. It is attributed to an uncategorized threat cluster dubbed UNC4487, which has been active since at least October 2022. UNC4487 is suspected to be an espionage actor targeting Ukrainian government entities.

Open in new tab

Supply Chain Attack on npm Packages with Billions of Weekly Downloads

A supply chain attack compromised multiple npm packages with over 2.6 billion weekly downloads. Attackers injected malicious code into these packages after hijacking a maintainer's account via phishing. The malware targets web-based cryptocurrency transactions, redirecting them to attacker-controlled wallets. The attack was detected and mitigated by the NPM team, who removed the malicious versions within two hours. The phishing campaign targeted multiple maintainers, using a fake domain to trick them into updating their 2FA credentials. The malicious code operates by hooking into JavaScript functions and wallet APIs, intercepting and altering cryptocurrency transactions. The attack impacts users who installed the compromised packages during a specific time window and have vulnerable dependencies. The attack targeted Josh Junon, also known as Qix, who received a phishing email mimicking npm. The phishing email prompted the maintainer to enter their username, password, and 2FA token, which were stolen via an adversary-in-the-middle (AitM) attack. The attack affected 20 packages, including ansi-regex, chalk, debug, and others, with over 2 billion weekly downloads. The malware intercepts cryptocurrency transaction requests by computing the Levenshtein distance to swap the destination wallet address. The payload hooks into window.fetch, XMLHttpRequest, and window.ethereum.request, along with other wallet provider APIs. The attack also compromised another maintainer, duckdb_admin, to distribute the same wallet-drainer malware. The affected packages from the second maintainer include @coveops/abi, @duckdb/duckdb-wasm, and prebid, among others. The attack impacted roughly 10% of all cloud environments. The attackers diverted five cents worth of ETH and $20 worth of a virtually unknown memecoin. The attacker’s wallet addresses holding significant amounts have been flagged, limiting their ability to convert or use the funds.

Open in new tab

VS Code Marketplace Flaw Allows Reuse of Deleted Extension Names

A flaw in the Visual Studio Code Marketplace allows threat actors, notably WhiteCobra, to republish deleted extensions under the same names. This vulnerability was discovered after identifying a malicious extension named "ahbanC.shiba" that mimicked previously flagged extensions. The flaw enables attackers to reuse names of removed extensions, posing a risk to software supply chain security. The malicious extensions act as downloaders, retrieving a PowerShell payload that encrypts files and demands Shiba Inu tokens. This issue highlights the need for secure development practices and proactive monitoring of software repositories. WhiteCobra has targeted VSCode, Cursor, and Windsurf users by planting 24 malicious extensions in the Visual Studio marketplace and the Open VSX registry. The campaign is ongoing as the threat actor continuously uploads new malicious code to replace the extensions that are removed. The group is responsible for the $500,000 crypto-theft in July, through a fake extension for the Cursor editor.

Open in new tab

Malicious nx Packages Exfiltrate 2,349 GitHub, Cloud, and AI Credentials

A supply chain attack on the nx build system allowed attackers to publish malicious versions of the popular npm package and auxiliary plugins. These versions contained data-gathering capabilities that exfiltrated 2,349 credentials from GitHub, cloud, and AI services. The attack occurred on August 26, 2025, affecting multiple versions of the nx package and related plugins. The compromised packages were removed from the npm registry, and users were advised to rotate credentials and check for malicious modifications in their systems. The malicious packages scanned file systems, collected credentials, and posted them to GitHub repositories under the users' accounts. The attack exploited a vulnerable workflow introduced on August 21, 2025, which allowed for arbitrary command execution and elevated permissions. The attack took approximately four hours from start to finish, resulting in the exfiltration of around 20,000 sensitive files. The attackers used AI-powered CLI tools to dynamically scan for high-value secrets and modified shell startup files to crash the system upon terminal session opening. A second attack wave was identified on August 28, 2025, affecting over 190 users/organizations and over 3000 repositories. The second wave involved making private repositories public and creating forks to preserve data. The attack unfolded in three distinct phases affecting 2,180 accounts and 7,200 repositories. The first phase impacted 1,700 users and leaked over 2,000 unique secrets. The second phase compromised 480 accounts and exposed 6,700 private repositories. The third phase targeted a single organization, publishing an additional 500 private repositories.

Open in new tab