Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware
嗯,用户让我用中文总结这篇文章,控制在100字以内,而且不需要特定的开头。首先,我需要快速浏览文章内容,抓住主要信息。 文章讲的是网络安全研究人员发现了一个新的供应链攻击,影响了npm和PyPI上的合法包。这些包被用来传播恶意版本,目的是窃取钱包凭证和进行远程代码执行。攻击者可能通过入侵开发者账户来发布这些恶意包。 然后,文章提到受影响的包是@dydxprotocol/v4-client-js和dydx-v4-client,分别用于npm和PyPI。这些包用于与dYdX v4协议交互,处理敏感的加密货币操作。 攻击者在npm上植入了钱包窃取器,在PyPI上则添加了远程访问木马(RAT)。RAT组件会在导入包时运行,并联系外部服务器获取命令。攻击者对包的内部结构有深入了解,并进行了多次混淆处理。 dYdX在1月28日披露了这一事件,并建议用户采取措施隔离受影响的机器、转移资金到新钱包,并轮换API密钥和凭证。此外,文章还提到这不是dYdX第一次遭受供应链攻击,过去两年里也有类似事件发生。 最后,文章讨论了供应链风险中的非存在包问题,即攻击者利用从未发布的包名来分发恶意软件。Aikido发现有128个这样的“幽灵”包被下载了超过12万次。 总结一下,文章主要讲述了针对npm和PyPI的供应链攻击事件及其影响。 </think> 研究人员发现针对npm和PyPI仓库的供应链攻击,恶意版本被用于窃取钱包凭证和远程代码执行。受影响的包包括@dydxprotocol/v4-client-js和dydx-v4-client,涉及加密货币交易工具。攻击者可能通过入侵开发者账户发布恶意更新,并针对JavaScript和Python生态系统部署不同payload,包括钱包窃取器和远程访问木马(RAT)。 2026-2-6 08:40:0 Author: thehackernews.com(查看原文) 阅读量:0 收藏

Cybersecurity researchers have discovered a new supply chain attack in which legitimate packages on npm and the Python Package Index (PyPI) repository have been compromised to push malicious versions to facilitate wallet credential theft and remote code execution.

The compromised versions of the two packages are listed below -

"The @dydxprotocol/v4-client-js (npm) and dydx-v4-client (PyPI) packages provide developers with tools to interact with the dYdX v4 protocol, including transaction signing, order placement, and wallet management," Socket security researcher Kush Pandya noted. "Applications using these packages handle sensitive cryptocurrency operations."

dYdX is a non-custodial, decentralized cryptocurrency exchange for trading margin and perpetual swaps, while allowing users to retain full control over their assets. On its website, the DeFi exchange says it has surpassed $1.5 trillion in cumulative trading volume.

While it's currently how these poisoned updates were pushed, it's suspected to be a case of developer account compromise, as the rogue versions were published using legitimate publishing credentials.

The changes introduced by the threat actors have been found to target both the JavaScript and Python ecosystems with different payloads. In the case of npm, the malicious code acts as a cryptocurrency wallet stealer that siphons seed phrases and device information. The Python package, on the other hand, also incorporates a remote access trojan (RAT) along with the wallet stealer functionality.

The RAT component, which is run as soon as the package is imported, contacts an external server ("dydx.priceoracle[.]site/py") to retrieve commands for subsequent execution on the host. On Windows systems, it makes use of the "CREATE_NO_WINDOW" flag to ensure that it's executed without a console window.

"The threat actor demonstrated detailed knowledge of the package internals, inserting malicious code into core registry files (registry.ts, registry.js, account.py) that would execute during normal package usage," Pandya said.

"The 100-iteration obfuscation in the PyPI version and the coordinated cross-ecosystem deployment suggest the threat actor had direct access to publishing infrastructure rather than exploiting a technical vulnerability in the registries themselves."

Following responsible disclosure on January 28, 2026, dYdX acknowledged the incident in a series of posts on X, and urged users who may have downloaded the compromised versions to isolate affected machines, move funds to a new wallet from a clean system, and rotate all API keys and credentials.

"The versions of dydx-v4-clients hosted in the dydxprotocol Github do not contain the malware," it added.

This is not the first time the dYdX ecosystem has been the target of supply chain attacks. In September 2022, Mend and Bleeping Computer reported a similar case where the npm account of a dYdX staff member was hijacked to publish new versions of multiple npm packages that contained code to steal credentials and other sensitive data. 

Two years later, the exchange also divulged that the website associated with its now-discontinued dYdX v3 platform was compromised to redirect users to a phishing site with the goal of draining their wallets.

"Viewed alongside the 2022 npm supply chain compromise and the 2024 DNS hijacking incident, this attack highlights a persistent pattern of adversaries targeting dYdX-related assets through trusted distribution channels," Socket said.

"The nearly identical credential theft implementations across languages indicate deliberate planning. The threat actor maintained consistent exfiltration endpoints, API keys, and device fingerprinting logic while deploying ecosystem-specific attack vectors. The npm version focuses on credential theft, while the PyPI version adds persistent system access."

Supply Chain Risks with Non-Existent Packages

The disclosure comes as Aikido detailed how npm packages referenced in README files and scripts but never actually published pose an attractive supply chain attack vector, allowing a threat actor to publish packages under those names to distribute malware.

The discovery is the latest manifestation of the growing sophistication of software supply chain threats, allowing bad actors to compromise several users at once by exploiting the trust associated with open-source repositories.

"Sophisticated attackers are moving upstream into the software supply chain because it provides a deep, low-noise initial access path into downstream environments," Sygnia's Omer Kidron said.

"The same approach supports both precision compromise (a specific vendor, maintainer, or build identity) and opportunistic attacks at scale ('spray') through widely trusted ecosystems -- making it relevant to all organizations, regardless of whether they see themselves as primary targets."

Aikido's analysis found that the 128 phantom packages collectively racked up 121,539 downloads between July 2025 and January 2026, averaging 3,903 downloads per week and scaling a peak of 4,236 downloads last month. The packages with the most downloads are listed below -

  • openapi-generator-cli (48,356 downloads), which mimics @openapitools/openapi-generator-cli
  • cucumber-js (32,110 downloads), which mimics @cucumber/cucumber
  • depcruise (15,637 downloads), which mimics dependency-cruiser
  • jsdoc2md (4,641 downloads)
  • grpc_tools_node_protoc (4,518 downloads)
  • vue-demi-switch (1,166 downloads)

"Openapi-generator-cli saw 3,994 downloads in just the last seven days," security researcher Charlie Eriksen said. "That's nearly 4,000 times someone tried to run a command that doesn't exist. In one week."

The findings highlight a blind spot in npm's typosquatting protections, which, while actively blocking attempts to claim names with similar spelling to that of existing packages, doesn't prevent a user from creating packages with names that were never registered in the first place, as there is nothing to compare against.

To mitigate this risk with npx confusion, Aikido recommends taking the following steps -

  • Use "npx --no-install" to block registry fallback, causing an installation to fail if a package is not found locally
  • Install CLI tools explicitly
  • Verify a package exists if the documentation asks users to run it
  • Register obvious aliases and misspellings to prevent a bad actor from claiming them

"The npm ecosystem has millions of packages," Eriksen said. "Developers run npx commands thousands of times daily. The gap between 'convenient default' and 'arbitrary code execution' is one unclaimed package name."

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.


文章来源: https://thehackernews.com/2026/02/compromised-dydx-npm-and-pypi-packages.html
如有侵权请联系:admin#unsafe.sh