Hackers Hijack Npm Packages With 2 Billion Weekly Downloads in Supply Chain Attack
Hackers hijacked NPM packages with over 2.6 billion weekly downloads through a phishing attack on a maintainer's account, injecting malware that intercepts cryptocurrency transactions. The malicious code alters wallet interactions, rerouting funds to attacker-controlled addresses. Attackers used spoofed emails to scare maintainers into revealing credentials. Some compromised packages include ‘chalk' and ‘debug', which were removed after detection. Despite concerns, specific conditions limit overall impact on users.

