by Paul McCarty | Feb 18, 2025 | Uncategorized
Software supply chain attacks on crypto and web3 continue unabated. Today I identified a new malicious NPM package that delivers a sophisticated multi-stage malware payload. It targets web3 developers by impersonating the popular Truffle Suite...
by Paul McCarty | Feb 16, 2025 | Uncategorized
I’ve identified an NPM package deploying a new malware strain targeting the Exodus Wallet application. While this attack lacked finesse, it’s interesting because it was written in a new language to evade detection. I thought it was worth a write-up in my...
by Paul McCarty | Feb 8, 2025 | Uncategorized
Over the years, I’ve talked with a lot of developers and engineering teams—first during my DevSecOps consulting work, then while building SecureStack. Now, as I focus full-time on software supply chain research and red teaming, I’ve noticed several...
by Paul McCarty | Feb 6, 2025 | Uncategorized
I’ve identified a malicious NPM package named “web3-parser” that targets web3 and crypto developers. When the library is called from within a JavaScript app, it exfiltrates all of the data you asked it to parse to a third-party web service controlled by...
by Paul McCarty | Feb 6, 2025 | Uncategorized
Our research has identified a package masquerading as the popular NPM package “Prettier”. This package was published to the NPM registry in September 2024 and was taken offline in mid-January 2025. The package was published by a user named...