Supply chain attack: Solana web3.js library was infected with malicious code
Unknown attackers planted malicious code in Solana's JavaScript SDK in order to steal private keys.
Anyone who has recently downloaded Solana's JavaScript SDK web3.js via the package manager npm may have picked up malicious code. The origin is probably a phishing attack on maintainers of the library.
In a report, security researchers from Socket state that versions 1.95.6 and 1.95.7 are affected. These versions contain code that collects private keys. This makes attacks on cryptocurrency wallets possible.
Supply chain attack
The security researchers assume that the unknown attackers gained access to the SDK via social engineering attacks on maintainers and were thus able to modify it. This is a supply chain attack.
In such attacks, the target is not attacked directly. Instead, the attackers compromise software that then downloads a Trojan onto users' systems. If that software is an SDK, as in this case, the software created with it also contains the malicious code, and the range of potential damage is multiplied.
Check software
Developers should now check whether they are using a vulnerable version of web3.js and remove any software created with it from circulation. The researchers explain how this can be done in their report. It is also advisable to reset private keys for security reasons.
The infected packages have now been removed from npm. The corrected version 1.95.8 is also available. The web3.js library is downloaded almost 350,000 times a week. It is not yet known how often the versions infected with malicious code were downloaded.
(des)