-
🚨 Socket detected malicious activity in newly published versions of node-ipc, an npm package with 822K weekly downloads.
Affected versions:
[email protected]
[email protected]
[email protected]
Socket’s AI scanner flagged the malware within ~3 minutes of publication.
Early analysis shows obfuscated stealer/backdoor behavior, including host fingerprinting, local file enumeration, payload wrapping, and attempted exfiltration.
-
cc: @campuscodi
-
🐘 @packagist is urging #PHP projects to update Composer after a GitHub token format change caused some GitHub Actions tokens to be exposed in CI logs.
GitHub has rolled back the token change for now, but affected projects still need to update Composer.
https://socket.dev/blog/packagist-urges-immediate-composer-update
-
🚨 We detected malicious #dYdX client packages published to npm and PyPI after a maintainer account compromise, enabling wallet theft and remote code execution.
Full investigation → https://socket.dev/blog/malicious-dydx-packages-published-to-npm-and-pypi #crypto
-
🚨 New Research: Threat actors compromised four #OpenVSX extensions, pushed malicious updates that load encrypted malware, evade Russian locales, and fetch C2 instructions via #Solana memos, leading to macOS credential and wallet theft.
Full analysis: https://socket.dev/blog/glassworm-loader-hits-open-vsx-via-suspected-developer-account-compromise
-
🚨 New from the Socket Threat Research Team: 5 coordinated Chrome extensions hijack sessions and block security controls in enterprise HR and ERP platforms like Workday and NetSuite.
Full report → https://socket.dev/blog/5-malicious-chrome-extensions-enable-session-hijacking #CyberSecurity #EnterpriseSecurity
-
🚨 New research: A malicious Chrome Web Store extension is stealing newly created #MEXC API keys and exfiltrating them to a Telegram bot, enabling full account takeover with trading and withdrawal rights.
Details → https://socket.dev/blog/malicious-chrome-extension-steals-mexc-api-keys #crypto
-
🚨 New threat research: An impostor #NuGet package typosquatted a popular .NET tracing library and its author, using homoglyph tricks to blend in, then exfiltrated #Stratis wallet JSON and passwords to a Russian IP address.
Full report → https://socket.dev/blog/malicious-nuget-package-typosquats-popular-net-tracing-library #dotnet
-
🚨 Socket’s Threat Research Team uncovered a malicious Chrome extension posing as an #Ethereum wallet. It steals seed phrases by encoding them into #Sui transactions and leaks them on-chain - no C2 needed.
→ https://socket.dev/blog/malicious-chrome-extension-exfiltrates-seed-phrases #crypto