慢雾:供应链攻击波及PyPI/npm/crates.io,超34个恶意包瞄准加密与AI开发者
BlockBeats 消息,5 月 25 日,据慢雾披露,安全机构MistEye检测到一起跨注册表供应链攻击事件,攻击者通过向npm、PyPI和crates.io发布恶意软件包,针对加密货币、DeFi、Solana、Sui/Move及AI领域的开发者。该攻击活动包含34个以上的恶意软件包和384个以上相关版本。
攻击者可能窃取加密货币钱包、SSH密钥、云凭证、GitHub/AWS令牌、浏览器数据、环境变量及开发者机密信息。部分恶意负载还试图通过.cursorrules、CLAUDE.md、Git钩子、shell钩子、cron、systemd和SSH实现持久化驻留。
建议开发者立即移除受影响的软件包,隔离受影响系统,保留日志,轮换已暴露的凭证,从干净镜像重建CI运行环境和开发者机器,并审查GitHub、云服务、SSH及钱包活动记录。
Disclaimer: OKX Orbit content is provided for informational purposes only. Learn more
Replies
Related Flash News
ChainCatcher•10h agoSui ecosystem updates: zero-gas transfer implementation, renewed ecosystem project Premium Exchange
TechFlow•18h agoSlowMist discloses cross-registry supply chain attacks, with crypto and AI developers becoming key targets
币界网•4d agoOKX will support the SUI network upgrade
Blockbeats•4d agoSui introduces gas-free stablecoin transfers, simplifying global payment infrastructure
TechFlow•4d agoSUI Group: SUI holdings exceed 108 million tokens, with a market capitalization of approximately $115 million
TechFlow•10d agoSUI Group co-led Nof1's $15 million funding round with London-based hedge fund Karatage
Odaily•12d agoGate Leverage Now supports XAUT (gold), XAG (silver), CL (crude oil), and supports up to 200x leverage
ChainCatcher•14d agoSui launches a new gold RWA DeFi application that supports on-chain lending and yield generation
Odaily•14d agoAnalysis: Bitcoin funds attracted more than $700 million in a single week, and institutional funds flowed into the crypto market for five consecutive weeks
ChainCatcher•14d agoMysten Labs co-founder: This year, confidential transactions will be launched on Sui to achieve large-scale free private payments
Trending crypto
