LottieFiles announced that specific versions of its npm package carry malicious code that prompts users to connect their cryptocurrency wallets so they can be emptied.
https://www.bleepingcomputer.com/news/security/lottiefiles-hit-in-npm-supply-chain-attack-targeting-users-crypto/
BleepingComputer /
npub1j7…v7hg2
2024-10-31 09:02:51
Author Public Key
npub1j7dz37jrwqhehe8ydzpk5kcjpnzzv53h7s54lj62nv5w9fcar34suv7hg2Published at
2024-10-31 09:02:51Event JSON
{
"id": "62125fcc52c89c9cdc97eb0c88e9ee816ec7d29bdddfe6a2ea5476ceca37ef81",
"pubkey": "979a28fa43702f9be4e468836a5b120cc4265237f4295fcb4a9b28e2a71d1c6b",
"created_at": 1730365371,
"kind": 1,
"tags": [
[
"proxy",
"https://infosec.exchange/users/BleepingComputer/statuses/113401225006720449",
"activitypub"
]
],
"content": "LottieFiles announced that specific versions of its npm package carry malicious code that prompts users to connect their cryptocurrency wallets so they can be emptied.\n\nhttps://www.bleepingcomputer.com/news/security/lottiefiles-hit-in-npm-supply-chain-attack-targeting-users-crypto/",
"sig": "e41a9ed72255d880d162639ab9c8d279abc699ad19a4431b8e8889ba202cbaaa32a9940bac5f0a188c5d815033f08e02afc0b52adae129c243a06d90ec16a65e"
}