LePlebRoyale on Nostr:
Criminals attempt to steal cryptocurrency via malware in popular animation tool
Cybercriminals have infected a popular animation tool called Lottie Player with malicious code. The result was a supply chain attack through which the attackers attempted to extort cryptocurrency from victims.
The problem was discovered on Oct. 30, when several major cryptocurrency platforms saw a massive number of pop-ups asking users to link their wallets, Coinpedia writes. It soon emerged that cybercriminals had broken into the GitHub account of LottieFiles, a company that creates animation tools used by Disney, Spotify and Apple, among others. The criminals had stolen a software engineer's login credentials, which they used to add rogue code to Lottie Player's npm package.
This rogue code caused users to see pop-ups in popular and trusted crypto applications. Those who responded to the request to link their wallet were redirected to Ace Drainer, a tool used to steal cryptocurrencies. It is not clear how many victims were affected or how much money was stolen.
LottieFiles has since removed the rogue versions and released a new, secure version, writes LottieFiles co-founder and CTO Nattu Adnan on GitHub. Developers who do not receive the update automatically are advised to upgrade to version 2.0.8.
source:
https://tweakers.net/nieuws/228216/criminelen-proberen-cryptovaluta-te-stelen-via-malware-in-populaire-animatietool.html
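The upgrade advice above can be checked mechanically. As an added example (not code from the article or from LottieFiles), this Node.js script lists every copy of Lottie Player in an npm lockfile that is older than 2.0.8, including copies pulled in transitively; the npm package name `@lottiefiles/lottie-player` is an assumption not stated in the article, and the sample lockfiles are constructed.

```javascript
const PKG = '@lottiefiles/lottie-player'; // assumed npm name of Lottie Player
const FIXED = '2.0.8';                    // version the article advises upgrading to

// Compare x.y.z versions numerically; pre-release/build suffixes are ignored.
function cmp(a, b) {
  const pa = a.split(/[-+]/)[0].split('.').map(Number);
  const pb = b.split(/[-+]/)[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Return every locked copy of PKG below FIXED, with its place in the tree.
function findOutdated(lock) {
  const hits = [];
  const check = (where, meta) => {
    if (meta.version && cmp(meta.version, FIXED) < 0) hits.push({ where, version: meta.version });
  };
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by node_modules path
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === 'node_modules/' + PKG || path.endsWith('/node_modules/' + PKG)) check(path, meta);
    }
  } else {
    // lockfileVersion 1: nested "dependencies" tree
    (function walk(deps, trail) {
      for (const [name, meta] of Object.entries(deps || {})) {
        const here = trail ? trail + ' > ' + name : name;
        if (name === PKG) check(here, meta);
        walk(meta.dependencies, here);
      }
    })(lock.dependencies, '');
  }
  return hits;
}

// Constructed sample lockfiles (not real project data).
const SAMPLE_V3 = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app' },
  'node_modules/@lottiefiles/lottie-player': { version: '2.0.8' },
  'node_modules/widget/node_modules/@lottiefiles/lottie-player': { version: '2.0.4' },
} };
const SAMPLE_V1 = { lockfileVersion: 1, dependencies: {
  widget: { version: '1.0.0', dependencies: { [PKG]: { version: '1.5.7' } } },
} };

// For a real project: findOutdated(JSON.parse(fs.readFileSync('package-lock.json', 'utf8')))
for (const h of [...findOutdated(SAMPLE_V3), ...findOutdated(SAMPLE_V1)]) {
  console.log(`${h.where}: ${h.version} is older than ${FIXED}`);
}
```

A hit means only that the locked copy predates the advised version; it does not by itself show that a rogue release was installed.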