
NPM Attacks, Crypto Malware, and JavaScript Libraries: A Billion Downloads at Risk

2025/09/09 02:07

Hackers are compromising JavaScript libraries and injecting crypto-stealing malware. Millions of applications and countless developers may be at risk.

Hold on to your hats, folks! The JavaScript ecosystem just got a whole lot wilder. A massive supply chain attack is targeting NPM (Node Package Manager), injecting crypto-stealing malware into widely used JavaScript libraries. We're talking billions of downloads at risk, and the potential impact is huge.

The Lowdown: Crypto Malware in Your JavaScript

So, what's happening? Hackers compromised the NPM account of a reputable developer and slipped malware into popular JavaScript libraries. These libraries, like chalk, strip-ansi, and color-convert, are small utilities that are used in countless projects. They're downloaded over a billion times a week. Even if you don't directly use them, they might be lurking in your project's dependencies.

How the Attack Works: Crypto-Clippers and Phishing

The attackers are using a type of malware called a crypto-clipper. This sneaky little piece of code silently replaces crypto wallet addresses during transactions, diverting funds to the attacker's wallet. Imagine sending Bitcoin and it ending up in the wrong hands – nightmare fuel, right?

The hackers gained access through phishing emails, posing as NPM support. They tricked maintainers into “updating” their two-factor authentication on a fake site, stealing their login credentials. With control of the maintainer's account, they pushed malicious updates to the packages.

Who's at Risk? Software Wallets Beware!

Security researchers warn that users of software wallets are especially vulnerable. Hardware wallet users who confirm every transaction are safer. Charlie Eriksen from Aikido Security notes the attack operates at multiple layers, manipulating website content, API calls, and even what users' apps believe they are signing.

The Big Picture: Supply Chain Attacks and JavaScript Security

This attack highlights the increasing risk of supply chain attacks. NPM, as a central repository for JavaScript packages, is a prime target. The JavaScript ecosystem's reliance on numerous small dependencies creates a vast attack surface. Think of it like this: one tiny crack in the foundation can bring the whole building down.

My Two Cents: Time to Audit Your Dependencies

Personally, this whole situation has me reaching for the dependency audit tools. It's a wake-up call to be more vigilant about the libraries we use and their origins. We need better security practices and more robust vetting processes for NPM packages. Relying on hardware wallets and double-checking wallet addresses are also crucial steps.
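
The audit described above can start from the lockfile. This added example, which is not part of the original article, lists every copy of the libraries named earlier (chalk, strip-ansi, color-convert) in a parsed `package-lock.json` (lockfileVersion 2 or 3), including nested and hoisted transitive copies. The function names and the sample lockfile are constructed for illustration.

```javascript
// Package names taken from the article; extend from the advisory you follow.
const WATCHLIST = ["chalk", "strip-ansi", "color-convert"];

// In lockfile v2/v3, each key of "packages" is an install path; the package
// name is whatever follows the last "node_modules/" (works for @scope/name).
function nameFromKey(key) {
  const marker = "node_modules/";
  const i = key.lastIndexOf(marker);
  return i === -1 ? null : key.slice(i + marker.length);
}

// Returns one record per installed copy of a watched package.
function findWatched(lock, watchlist = WATCHLIST) {
  const packages = lock.packages || {};
  const root = packages[""] || {};
  const declared = new Set([
    ...Object.keys(root.dependencies || {}),
    ...Object.keys(root.devDependencies || {}),
    ...Object.keys(root.optionalDependencies || {}),
  ]);
  const hits = [];
  for (const [key, meta] of Object.entries(packages)) {
    const name = nameFromKey(key);
    if (!name || !watchlist.includes(name)) continue;
    // Only a top-level copy that the root manifest declares is "direct";
    // nested or merely hoisted copies were pulled in by something else.
    const direct = key === `node_modules/${name}` && declared.has(name);
    hits.push({ name, version: meta.version, path: key, direct });
  }
  return hits.sort((a, b) => (a.path < b.path ? -1 : a.path > b.path ? 1 : 0));
}

// Constructed sample lockfile; the versions carry no meaning.
const SAMPLE_LOCK = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { chalk: "^1.0.0", "demo-cli": "^1.0.0" } },
    "node_modules/chalk": { version: "1.2.3" },
    "node_modules/demo-cli": { version: "1.0.0", dependencies: { "strip-ansi": "^2.0.0" } },
    "node_modules/demo-cli/node_modules/strip-ansi": { version: "2.0.0" },
    "node_modules/strip-ansi": { version: "7.0.0" },
  },
};

console.log(findWatched(SAMPLE_LOCK));
```

For a real project, pass the parsed contents of the project's `package-lock.json` and compare the reported versions against those listed in the advisory you are following.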

Wrapping Up: Stay Safe Out There!

The JavaScript world can be a wild place, but don't let this get you down. Stay informed, stay vigilant, and maybe double-check those wallet addresses. Now, if you'll excuse me, I'm going to go audit my own dependencies. Keep your code clean, and your crypto safe!

Original source: cointelegraph
