Woofun AI reports that SlowMist detected a coordinated malicious npm supply chain attack involving 30 packages disguised as crypto trading bots. The operation utilized the donoaccestag/forex-mt5-trading-bot repository, which featured stake-math@3.5.4 as a pinned dependency and exhibited approximately 2300 homogenized forks primarily under the poly-stocks account.
The injected JavaScript stealer targets sensitive data including encrypted wallet libraries, browser cookies, developer credentials, private keys, mnemonics, and API tokens. SlowMist advises developers to remove affected packages, audit package.json and CI logs, and rotate all exposed credentials while rebuilding environments from clean images.
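The audit step above can be scripted. The sketch below is an added example, not SlowMist's tooling or code from the report: it checks a parsed package.json and package-lock.json against a denylist, including transitive and aliased dependencies. The denylist holds only stake-math@3.5.4, the one version named here (treating it as an indicator is an assumption); the function names and sample lockfile are constructed for illustration.

```javascript
// Added example. DENYLIST holds only the version named on this page; extend it
// from the advisory. Function names and SAMPLE_LOCK are constructed assumptions.
const DENYLIST = { 'stake-math': ['3.5.4'] };
const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];

// package.json declares ranges, so any declaration of a listed name is reported:
// a range such as ^3.5.0 can still resolve to the listed version.
function auditManifest(manifest, denylist = DENYLIST) {
  const hits = [];
  for (const field of DEP_FIELDS) {
    for (const [name, range] of Object.entries(manifest[field] || {})) {
      const alias = /^npm:((?:@[^/]+\/)?[^@]+)@/.exec(range); // "x": "npm:real@1.0.0"
      const real = alias ? alias[1] : name;
      if (Array.isArray(denylist[real])) hits.push({ source: field, name: real, version: range });
    }
  }
  return hits;
}

// package-lock.json records resolved versions, including transitive dependencies.
function auditLockfile(lock, denylist = DENYLIST) {
  const hits = [];
  const check = (source, name, version) => {
    const bad = denylist[name];
    if (Array.isArray(bad) && bad.includes(version)) hits.push({ source, name, version });
  };
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path ("" is the root).
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const i = path.lastIndexOf('node_modules/');
    const name = meta.name || (i >= 0 ? path.slice(i + 'node_modules/'.length) : null);
    if (path && name) check(path, name, meta.version);
  }
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      check(`${trail} > ${name}`, name, meta.version);
      walk(meta.dependencies, `${trail} > ${name}`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, 'root');
  return hits;
}

// Constructed sample lockfile (v3 shape): one transitive hit, one unlisted version.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  '': { name: 'demo-bot', version: '1.0.0' },
  'node_modules/helper': { version: '2.0.0' },
  'node_modules/helper/node_modules/stake-math': { version: '3.5.4' },
  'node_modules/stake-math': { version: '3.5.3' },
} };
console.log(auditLockfile(SAMPLE_LOCK));
```

To run it against a real project, pass in the objects obtained by parsing that project's package.json and package-lock.json. A clean result here does not cover the rotation and rebuild steps, which apply whenever an affected package was ever installed.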