Malicious NPM Packages Steal Crypto Developers' Credentials

A threat actor, “topnotchdeveloper12,” has deployed three malicious npm packages (crypto-keccak, crypto-jsonwebtoken, and crypto-bignumber) disguised as legitimate cryptographic libraries. These packages contain spyware-infostealer malware that targets crypto-asset developers. Distributed through npm and GitHub, the malware exfiltrates sensitive information such as credentials, wallet data, and more to C2 servers via HTTP POST requests. The malicious packages, downloaded over …
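To check whether a project pulls in any of the three packages named above, directly or transitively, the following added example (not from the article) scans a parsed `package-lock.json` in both the v1 tree layout and the v2/v3 `packages` layout. The sample lockfile, its versions, and the names `wallet-app` and `ethers-helper` are constructed for illustration.

```javascript
// Package names reported in the article above.
const FLAGGED = new Set(["crypto-keccak", "crypto-jsonwebtoken", "crypto-bignumber"]);

// lockfileVersion 2/3: keys of "packages" are install paths. The name is the
// text after the last "node_modules/", so "@scope/pkg" stays intact.
function nameFromInstallPath(installPath) {
  const marker = "node_modules/";
  const idx = installPath.lastIndexOf(marker);
  return idx === -1 ? null : installPath.slice(idx + marker.length);
}

function scanPackagesMap(packages, hits) {
  for (const [installPath, meta] of Object.entries(packages)) {
    // An entry's own "name" field, when present, wins over the folder name.
    const name = meta.name || nameFromInstallPath(installPath);
    if (name && FLAGGED.has(name)) {
      hits.push({ name, version: meta.version || "unknown", via: installPath });
    }
  }
}

// lockfileVersion 1: "dependencies" is a tree with nested entries.
function scanDependencyTree(deps, trail, hits) {
  for (const [name, meta] of Object.entries(deps)) {
    const here = trail.concat(name);
    if (FLAGGED.has(name)) {
      hits.push({ name, version: meta.version || "unknown", via: here.join(" > ") });
    }
    if (meta.dependencies) scanDependencyTree(meta.dependencies, here, hits);
  }
}

// Takes a parsed package-lock.json object and returns every flagged entry,
// including transitive ones that never appear in package.json.
function findFlaggedPackages(lock) {
  const hits = [];
  if (lock.packages) scanPackagesMap(lock.packages, hits);
  else if (lock.dependencies) scanDependencyTree(lock.dependencies, [], hits);
  return hits;
}

// Constructed sample lockfile (v3 layout); names and versions are made up.
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "wallet-app", version: "1.0.0" },
  "node_modules/ethers-helper": { version: "2.1.0" },
  "node_modules/ethers-helper/node_modules/crypto-keccak": { version: "0.0.0-sample" },
  "node_modules/@scope/crypto-bignumber": { version: "0.0.0-sample" },
} };
console.log(findFlaggedPackages(sampleLock));
```

Against a real project, pass in the object produced by `JSON.parse` on the contents of `package-lock.json`; the scoped entry in the sample shows that a different package sharing only the trailing name is not reported.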