Subj : Compromised files replace npm packages with a combined 2 billion
To   : All
From : TechnologyDaily
Date : Tue Sep 09 2025 19:15:10

Compromised files replace npm packages with a combined 2 billion weekly downloads

Date: Tue, 09 Sep 2025 18:03:00 +0000

Description: The "biggest supply chain attack" in the history of npm took place recently, affecting almost two dozen packages.

FULL STORY
======================================================================

- Over a dozen popular npm packages were compromised in a phishing-based supply chain attack
- The malware targeted crypto users by hijacking wallet addresses during transactions
- Some called it the most widespread npm compromise to date, affecting 2 billion weekly downloads

More than a dozen npm packages with two billion downloads a week were compromised in a supply chain attack that targeted cryptocurrency users.

Researchers at Aikido Security spotted a maintainer account, Qix (real name Josh Junon), publishing malicious updates. In less than an hour, multiple versions were uploaded, and soon after Junon himself confirmed the attack and apologized for the mess.

"Yep, I've been pwned. 2FA reset email, looked very legitimate," Junon wrote on Bluesky, confirming that the breach started with a convincing phishing email.

Targeting crypto users

"Only NPM affected, I've sent an email off to @npmjs.bsky.social to see if I can get access again. Sorry everyone, I should have paid more attention. Not like me; have had a stressful week. Will work to get this cleaned up," he stressed, showing how even the most careful people can get hit if they lower their guard.
According to The Hacker News, this is the list of 20 compromised packages, cumulatively counting 2 billion weekly downloads:

ansi-regex@6.2.1
ansi-styles@6.2.2
backslash@0.2.1
chalk@5.6.1
chalk-template@1.1.1
color-convert@3.1.1
color-name@2.0.1
color-string@2.1.1
debug@4.4.2
error-ex@1.3.3
has-ansi@6.0.1
is-arrayish@0.3.3
proto-tinker-wc@1.8.7
supports-hyperlinks@4.1.1
simple-swizzle@0.2.3
slice-ansi@7.1.1
strip-ansi@7.1.1
supports-color@10.2.1
supports-hyperlinks@4.1.1
wrap-ansi@9.0.1

At the same time, CyberInsider described it as the most widespread supply chain compromise in the history of the npm ecosystem.

The malware being distributed through the packages apparently targeted cryptocurrency users. It is designed to intercept crypto transactions by swapping out the destination wallet address with one controlled by the attackers. Ethereum, Solana, Bitcoin, Tron, Litecoin, and Bitcoin Cash seem to be the chains targeted in this campaign.

Via The Hacker News

======================================================================
Link to news story:
https://www.techradar.com/pro/security/compromised-files-replace-npm-packages-with-a-combined-2-billion-weekly-downloads

--- Mystic BBS v1.12 A49 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)
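As an added defender-side check that is not part of the original article: the Python script below walks an npm package-lock.json (lockfile v1 nested "dependencies", or v2/v3 flat "packages") and reports any install path whose package@version exactly matches the list above. The sample lockfile is constructed for the demo and the helper names are my own.

```python
import json
from typing import Iterator

# Exact package@version pairs named in the article (September 2025 compromise).
COMPROMISED = {
    ("ansi-regex", "6.2.1"), ("ansi-styles", "6.2.2"), ("backslash", "0.2.1"),
    ("chalk", "5.6.1"), ("chalk-template", "1.1.1"), ("color-convert", "3.1.1"),
    ("color-name", "2.0.1"), ("color-string", "2.1.1"), ("debug", "4.4.2"),
    ("error-ex", "1.3.3"), ("has-ansi", "6.0.1"), ("is-arrayish", "0.3.3"),
    ("proto-tinker-wc", "1.8.7"), ("supports-hyperlinks", "4.1.1"),
    ("simple-swizzle", "0.2.3"), ("slice-ansi", "7.1.1"), ("strip-ansi", "7.1.1"),
    ("supports-color", "10.2.1"), ("wrap-ansi", "9.0.1"),
}

def _walk_v1(deps: dict, prefix: str) -> Iterator[tuple[str, str, str]]:
    # lockfileVersion 1: each entry may nest its own "dependencies" object.
    for name, meta in deps.items():
        path = f"{prefix}node_modules/{name}"
        yield name, meta.get("version", ""), path
        yield from _walk_v1(meta.get("dependencies", {}), path + "/")

def iter_lock_entries(lock: dict) -> Iterator[tuple[str, str, str]]:
    # lockfileVersion 2/3: flat "packages" map keyed by install path ("" = root).
    if "packages" in lock:
        for path, meta in lock["packages"].items():
            if path == "":
                continue
            # Scoped names ("@scope/pkg") survive the split on "node_modules/".
            name = meta.get("name") or path.split("node_modules/")[-1]
            yield name, meta.get("version", ""), path
    else:
        yield from _walk_v1(lock.get("dependencies", {}), "")

def find_compromised(lock_json: str) -> list[tuple[str, str, str]]:
    """Return sorted (name, version, install_path) hits for exact matches only."""
    lock = json.loads(lock_json)
    return sorted(e for e in iter_lock_entries(lock) if (e[0], e[1]) in COMPROMISED)

# Constructed v3 lockfile: one direct hit, one nested hit, one clean older debug.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app", "lockfileVersion": 3, "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/chalk": {"version": "5.6.1"},
        "node_modules/debug": {"version": "4.3.4"},
        "node_modules/foo/node_modules/strip-ansi": {"version": "7.1.1"},
    }
})

if __name__ == "__main__":
    for name, version, path in find_compromised(SAMPLE_LOCK):
        print(f"COMPROMISED {name}@{version} at {path}")
```

Because only the exact versions above are matched, a project whose package.json allows a caret range is not flagged until the lockfile (or an installed node_modules tree) actually resolves to one of them, so scan the artifact that was really installed, not the manifest.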