Laughing Hyena
Tag:

downloads

Gaming Gear

A terrifying, self-replicating malware has infected npm packages with over 2 million downloads per week – here’s how to stay safe

by admin September 17, 2025



  • A new supply-chain attack compromised at least 187 npm packages, targeting developer secrets across software projects
  • Shai-Hulud worm looks to steal credentials, modify packages, and spread malware through GitHub Actions and npm tokens
  • Researchers warn the number of compromised packages is likely to grow

At least 187 malicious npm packages have been uncovered, part of yet another major supply-chain attack against software developers.

Security researchers from Socket, StepSecurity, and Aikido all detected an ongoing campaign, apparently being orchestrated by the same group that targeted Nx several weeks ago.

Similar to that campaign, in this one the miscreants were also after developer secrets, including login credentials, AWS keys, GCP and Azure service credentials, GitHub personal access tokens, cloud metadata endpoints, or npm authentication tokens.



Many affected

However, the attack methodology evolved, the researchers noted.

“The scale, scope and impact of this attack is significant,” they explained. “The attackers are using the same playbook in large parts as the original attack, but have stepped up their game.”

This time around, the attackers created a worm, called Shai-Hulud (a nod to the Dune worm), which not only steals secrets and publishes them to GitHub publicly (using tools like TruffleHog and queries on cloud metadata endpoints), but also drops a malicious GitHub Action that sends secrets to an attacker-controlled webhook and hides them in logs, and uses stolen npm tokens to modify and republish every package the maintainer controls, embedding the worm in each one.

Among the compromised npm packages are those from cybersecurity experts CrowdStrike, as well as others with millions of weekly downloads.


CrowdStrike, on its end, did what it could to mitigate the risk and minimize the damage.

“After detecting several malicious Node Package Manager (NPM) packages in the public NPM registry, a third-party open source repository, we swiftly removed them and proactively rotated our keys in public registries,” a CrowdStrike spokesperson said, The Register reports.

“These packages are not used in the Falcon sensor, the platform is not impacted and customers remain protected. We are working with NPM and conducting a thorough investigation.”

At the moment, the number of packages affected by the attack sits at 187, but the researchers warned that the number will most likely continue to rise. Some potentially compromised packages are currently pending validation.

Via The Register

DOGE (Virginia Marinova/Unsplash)
GameFi Guides

Ledger CTO Warns of NPM Supply-Chain Attack Hitting 1B+ Downloads

by admin September 8, 2025



Charles Guillemet, chief technology officer at hardware wallet maker Ledger, warned on X on Monday that a large-scale supply chain attack is underway after the compromise of a reputable developer’s Node Package Manager (NPM) account.

According to Guillemet, the malicious code — already pushed into packages with over 1 billion downloads — is designed to silently swap crypto wallet addresses in transactions. That means unsuspecting users could send funds directly to the attacker without realizing it.

Guillemet did not name the developer whose account he said was compromised.

The incident underscores how deeply interconnected open-source software is and why security lapses in developer tools can ripple into the crypto economy almost instantly.

🚨 There’s a large-scale supply chain attack in progress: the NPM account of a reputable developer has been compromised. The affected packages have already been downloaded over 1 billion times, meaning the entire JavaScript ecosystem may be at risk.

The malicious payload works…

— Charles Guillemet (@P3b7_) September 8, 2025

“NPM is a tool commonly used in software development using JavaScript, which makes integrating packages easy for developers,” said Guillemet in a message to CoinDesk. When an attacker compromises a developer’s account, they can slip malicious code into widely used packages.

“The malicious code attempts to drain users by swapping addresses used in transaction or general on-chain activity and replacing them with the hacker’s address,” Guillemet added.

Guillemet stressed that if any decentralized application or software wallet across any blockchain includes these JavaScript packages, then they could be compromised, and crypto users could therefore lose their funds.

“The only sure way to combat this is to use a hardware wallet with a secure screen that supports Clear Signing,” said Guillemet to CoinDesk. “This will allow the user to see exactly which addresses funds are being sent to and ensure they match the intended addresses.”

“Hardware wallets without secure screens and any wallet that doesn’t support Clear signing is at high risk as it is impossible to accurately verify the transaction details are correct,” he added.

“It’s an opportunity to remind everyone: always verify your transactions, never blind sign, use a hardware wallet with a secure screen, and Clear Sign everything,” Guillemet said.

Product Reviews

Final Fantasy Tactics remaster devs built a replacement for its lost source code from fansite downloads, director says: ‘I do want to thank all of the fans for all of their help in keeping that information archived’

by admin September 2, 2025



Back in June, Final Fantasy Tactics: The Ivalice Chronicles director Kazutoyo Maehiro offered something of an explanation for why it’s been more than a decade since FF Tactics has been playable on current platforms: Square Enix had lost the game’s original source code.

At a recent PAX West 2025 panel on August 30, Maehiro offered additional details on how the devs of the Ivalice Chronicles remaster stitched together a replacement for the original FF Tactics source code, and how we should all thank fan archivists for their contributions to that effort.

“It’s true that we didn’t have the source code,” Maehiro said via translator. “The reason we didn’t have that has to do with how we managed things at the time.”



Today, Maehiro said, Square Enix has “some really nice resource management tools” that archive a new version of a game’s code with every minute, daily update. But during the original development of Final Fantasy Tactics, the protocols were… a bit more lax, particularly while localizing the game in different languages.

“We would take the data from the Japanese version and overwrite the English data on it. And then if we wanted to do another language, we would just keep stacking data on top and overwriting and overwriting,” Maehiro said. “Basically, because we kept doing all that overwriting, the true original ceased to exist.”

That sound you hear is the collective shuddering of all the world’s programmers.

(Image credit: Square Enix)

While Square Enix didn’t have to start from scratch for The Ivalice Chronicles, Maehiro said it was “difficult” to reassemble “the true original” of Final Fantasy Tactics from its PS1 release and its ports on PSP and mobile. Eventually, the Square Enix devs turned to the ultimate archival authority: the devoted sickos on Final Fantasy fan sites.

“We were using whatever resources we had available to us. We analyzed all those different versions to try and find what we felt was the original,” Maehiro said. “On top of that, we actually went to different websites made by fans and looked for data there, because we know you guys do such a good job of keeping that all up to date.”


After acknowledging the efforts of the “really good” engineering team that analyzed the various versions to reconstruct the ur-Final Fantasy Tactics, Maehiro offered his gratitude for fan archivists and game preservationists.

“I do want to thank all of the fans for all of their help in keeping that information archived like you do,” Maehiro said. “I think with all of that put together, we were able to make a very good version of the game that is true to the original.”



