PANews March 3rd: The GoPlus Chinese community on X platform issued a warning that North Korean hackers have released a set of 26 malicious packages on the npm registry. These packages all include an installation script (“install.js”) that automatically executes during installation, running malicious code located in “vendor/scrypt-js/version.js”. The malicious code downloads and executes a remote access Trojan (RAT) via the same malicious URL, enabling keylogging, clipboard theft, browser credential collection, TruffleHog secret scanning of Git repositories, and SSH key theft. This incident is linked to a North Korean hacking group called “Famous Chollima.”
Users and developers are advised to verify the source and security of packages before installation to avoid these 26 malicious packages and prevent privacy leaks or asset loss:
argonist@0.41.0
bcryptance@6.5.2
bee-quarl@2.1.2
bubble-core@6.26.2
corstoken@2.14.7
daytonjs@1.11.20
ether-lint@5.9.4
expressjs-lint@5.3.2
fastify-lint@5.8.0
formmiderable@3.5.7
hapi-lint@19.1.2
iosysredis@5.13.2
jslint-config@10.22.2
jsnwebapptoken@8.40.2
kafkajs-lint@2.21.3
loadash-lint@4.17.24
mqttoken@5.40.2
prism-lint@7.4.2
promanage@6.0.21
sequelization@6.40.2
typoriem@0.4.17
undicy-lint@7.23.1
uuindex@13.1.0
vitetest-lint@4.1.21
windowston@3.19.2
zoddle@4.4.2
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Payward Sues Etana Over $25M Crypto Custody Fraud
Kraken's parent company Payward has filed a lawsuit against Etana and its CEO alleging $25 million in crypto custody fraud. According to the allegations, client funds were misused, commingled, and concealed in what Payward characterizes as a "Ponzi-like" scheme that unraveled amid a liquidity
CryptoFrontier58m ago
North Korea Denies Crypto Theft as $577M Stolen in 2026
The Democratic People's Republic of Korea has denied allegations of state-sponsored cryptocurrency theft, even as blockchain intelligence firm TRM Labs reported that DPRK-linked actors stole approximately $577 million in the first four months of 2026. A spokesperson for the regime's Foreign Ministry
CryptoFrontier6h ago
X User Steals $175,000 in DRB from Bankr via Grok Prompt Injection on May 4
According to BlockBeats, on May 4, X user @Ilhamrfliansyh used a prompt injection attack on Grok to steal $175,000 in DRB tokens from Bankr's wallet. The attacker crafted a malicious tweet encoded in Morse code that Grok decoded and relayed to @bankrbot, which was interpreted as a blockchain
GateNews6h ago
ZachXBT Flags Polyarb as Fake Prediction Market With an Active Wallet Drainer
Onchain investigator ZachXBT has warned that Polyarb, a site presenting itself as a prediction market platform, is running an active wallet drainer and is gaining reach through prominent crypto accounts replying to its posts.
Key Takeaways:
ZachXBT warned on May 4, 2026, that Polyarb hosts an act
Coinpedia8h ago
Solana Co-Founder Warns AI Could Crack Post-Quantum Cryptography at 2026 Breakpoint
According to Solana co-founder Anatoly Yakovenko, speaking at the 2026 Solana Breakpoint conference in Amsterdam, artificial intelligence poses a greater existential threat to blockchain security than quantum computers. Yakovenko warned that AI models could exploit subtle mathematical patterns in po
GateNews13h ago
