Attackers have been looking to compromise users of the Atomic and Exodus cryptocurrency wallets through a new npm package, "pdf-to-office", that poses as a PDF-to-Microsoft Word document converter, The Hacker News reports.
When executed, the malicious npm package looks for Atomic Wallet or Exodus on the system and then modifies wallet-associated files so that transferred crypto assets are delivered to an attacker-controlled wallet, according to a ReversingLabs analysis. The package was also built so that the pilfering of crypto assets continues even after the package itself is removed, said ReversingLabs researcher Lucija Valenti. "The only way to completely remove the malicious trojanized files from the Web3 wallets' software would be to remove them completely from the computer and re-install them," Valenti added.
The report follows ExtensionTotal's discovery that several malicious Visual Studio Code extensions, which amassed over a million installations before their takedown, had enabled XMRig cryptominer compromise.