Threat Intelligence Report

New NPM Supply Chain Campaign Identified : A Multi-Stage Cryptocurrency Malware with More Than 2.7 million Downloads

📅 June 15, 2026 📰 www.cyfirma.com 🔍 0 CVE(s) referenced

A sophisticated supply chain attack leveraging eleven malicious npm packages—including one with over 2.7 million downloads—targeted blockchain and Web3 developers to steal cryptocurrency credentials, deploy multi-stage malware, and exfiltrate secrets via both traditional and blockchain-based channels, underscoring the urgent need for rigorous dependency auditing and supply chain vigilance.

unclassified

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap

🎯 IOC Extraction

⚔️ MITRE ATT&CK TTPs

📦 STIX 2.1 Bundle