Scam Watch

How to recognize Cross Platform NPM Stealer Targets Browser Credentials and Crypto Wallets?

TLDR

Security researchers discovered a Node.js based stealer that runs cross platform (Windows/WSL, macOS, Linux) and harvests credentials from 13+ browsers (Chrome, Brave, Edge, Opera, Vivaldi, Yandex, etc.) plus 100+ cryptocurrency wallet...

How it works

Security researchers discovered a Node.js based stealer that runs cross platform (Windows/WSL, macOS, Linux) and harvests credentials from 13+ browsers (Chrome, Brave, Edge, Opera, Vivaldi, Yandex, etc.) plus 100+ cryptocurrency wallet...

Warning signs

  • Attackers package a Node.js stealer as an NPM package → developers unknowingly install malicious dependencies
  • Malware targets localhost paths typical of WSL environments → a signal of sophisticated cross-platform design
  • Embedded plain-text payloads reveal intent to steal browser-stored credentials with zero user interaction needed

What to do

  1. Audit package.json dependencies: run npm audit or use socket.dev to scan for suspicious NPM packages
  2. Never run untrusted NPM install scripts with npm install -g or global flags
  3. Rotate credentials if you installed NPM packages from unverified sources; enable 2FA on all accounts and store sensitive keys in dedicated hardware or vault tools
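
One way to carry out the dependency audit from the steps above, as an added example that is not from the original page or its source: it walks a parsed package-lock.json (lockfileVersion 2 or 3 layout assumed) and lists dependencies that run install-time scripts, resolve from outside the public registry, or lack an integrity hash. The lockfile contents and package names are constructed.

```javascript
// Added example: flag lockfile entries that deserve review before install.
// Assumes the lockfileVersion 2/3 "packages" map; all sample data is constructed.
const REGISTRY_PREFIX = "https://registry.npmjs.org/";

const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/left-helper": {
      version: "2.1.0",
      resolved: "https://registry.npmjs.org/left-helper/-/left-helper-2.1.0.tgz",
      integrity: "sha512-CONSTRUCTED",
    },
    "node_modules/fast-native-addon": {
      version: "0.3.1",
      resolved: "https://registry.npmjs.org/fast-native-addon/-/fast-native-addon-0.3.1.tgz",
      integrity: "sha512-CONSTRUCTED",
      hasInstallScript: true, // npm records this when lifecycle scripts exist
    },
    "node_modules/fast-native-addon/node_modules/util-shim": {
      version: "1.0.0",
      resolved: "git+ssh://git@example.invalid/someone/util-shim.git#0000000",
    },
  },
};

function auditLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "" || meta.link) continue; // skip root project and workspace links
    const i = path.lastIndexOf("node_modules/");
    const name = i < 0 ? path : path.slice(i + "node_modules/".length);
    const reasons = [];
    if (meta.hasInstallScript) reasons.push("runs install script");
    if (meta.resolved && !meta.resolved.startsWith(REGISTRY_PREFIX)) reasons.push("non-registry source");
    if (meta.resolved && !meta.integrity) reasons.push("no integrity hash");
    if (reasons.length) findings.push({ name, version: meta.version, reasons });
  }
  return findings;
}

for (const f of auditLockfile(sampleLock)) {
  console.log(`${f.name}@${f.version}: ${f.reasons.join(", ")}`);
}
```

A flagged entry is a prompt for manual review, not proof of compromise; installing with `npm install --ignore-scripts` keeps lifecycle scripts from running while that review happens.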

Source

sans-isc

Source verified by Mythos Forensic Team

https://isc.sans.edu/diary/rss/33006

FAQ

Is Cross Platform NPM Stealer Targets Browser Credentials and Crypto Wallets a real scam?

Yes. Treat the message, call, or payment request as suspicious until you verify it through an official channel.

What are the first signs?

Attackers package a Node.js stealer as an NPM package → developers unknowingly install malicious dependencies; Malware targets localhost paths typical of WSL environments → a signal of sophisticated cross-platform design; Embedded plain-text payloads reveal intent to steal browser-stored credentials with zero user interaction needed

What should I do first?

Audit package.json dependencies: run npm audit or use socket.dev to scan for suspicious NPM packages; Never run untrusted NPM install scripts with npm install -g or global flags; Rotate credentials if you installed NPM packages from unverified sources; enable 2FA on all accounts and store sensitive keys in dedicated hardware or vault tools

Can LegalAudit review my case?

Yes. Open the free chat and paste the message, link, sender, or payment details for a triage.