News Insights: Hacker adds bitcoin-stealing code to popular JavaScript library

Off Cyber Policy in the News,

Hacker adds bitcoin-stealing code to popular JavaScript library

Hacker adds bitcoin-stealing code to popular JavaScript library

An NPM package with 2 million weekly downloads had malicious code injected into it…

FULL ARTICLE: Hacker adds bitcoin-stealing code to popular JavaScript library

News Insights:

Casey Ellis, CTO at Bugcrowd:

“Last week an attacker breached a widely used (2M+ installs) Node.js module. The attacker began by submitting to the project, building trust, and eventually gaining owner-level access, which enabled the attacker to push a compromised version, snarfing Bitcoin and Ethereum hot wallet credentials so they could be stolen and used for malicious activity.

The main takeaway with this attack is that in the world of modern software, it’s turtles all the way down… Just because the code you write is secure, doesn’t mean that the code other developers write for you is. The only way to get ahead of this is to practice deep and continuous abuse-case (i.e., security) testing.”

About The Author

Hugh Taylor is a Certified Information Security Manager (CISM). In addition to editing Journal of Cyber Policy, he writes about cybersecurity, compliance and enterprise technology for such clients as Microsoft, IBM, SAP, HPE, Oracle, Google and Advanced Micro Devices. Prior to launching his freelance writing career, he served in executive roles at Microsoft, IBM and several venture-backed technology startups.

Privacy Policy