Largest NPM Supply-Chain Attack Targets Crypto Transactions
Hackers have hijacked 18 widely used npm packages, with a combined weekly download volume exceeding two billion, and injected them with obfuscated malware that directly targets cryptocurrency users and developers. The breach was traced to a phishing campaign impersonating official npm support, which tricked a maintainer into handing over credentials. Once the account was compromised, the attackers updated packages including chalk, debug, chalk-template, supports-color, and others, embedding malicious code into the index[.]js file. This code leveraged browser APIs, including fetch, XMLHttpRequest, and wallet functions, allowing it to scan traffic and swap wallet addresses during transactions. The malware could also intercept transaction signing, silently redirecting funds from Ethereum, Bitcoin, Solana, Tron, Litecoin, and Bitcoin Cash wallets to attacker-controlled destinations without changing the user interface. Given the scale of these dependencies, the compromise poses a threat to millions of applications that unknowingly rely on these libraries for logging, text processing, and core functionality. The malicious updates spread quickly before maintainers and npm security teams began rolling back the affected versions, although some packages remained compromised hours after the breach was detected. Security researchers observed that the injected code not only hijacks wallet addresses but also manipulates approvals and allowances mid-transaction, ensuring attackers gain control even when the UI looks legitimate. The campaign highlights how supply-chain attacks on popular open-source projects can spread across the ecosystem, exposing developers and end-users to significant financial loss. Teams relying on these packages are advised to audit their dependencies immediately, validate package integrity, and pin versions to verified, safe releases. Automated dependency monitoring and stricter credential protection for maintainers are crucial steps to reduce exposure, as this attack underscores how a compromised account can lead to one of the largest software breaches on record.
Windows Defender Symlink Exploit: Subverting the Defender Service with Native Tools
Researchers have demonstrated that it is possible to subvert Microsoft Defender by exploiting the way it switches between versioned folders under C:\ProgramData\Microsoft\Windows Defender\Platform. Each Defender update creates a new folder named after the latest version, and the WinDefend service selects the highest version it finds, then launches Defender from that path. The weakness is that an administrator can still create entries under Platform, including directory symbolic links, and Defender doesn’t fully validate whether the “latest” folder is a real, protected directory. By creating a symlink whose name sorts higher than any existing version and pointing it to an attacker-controlled path, the next Defender start will execute binaries from that outside location. Deleting the symlink afterward leaves WinDefend pointing at a non-existent folder, which causes service start failures and a grayed-out Windows Security app on reboot. This technique is dangerous because it relies solely on built-in Windows behavior, including directory creation in ProgramData, version-picking logic, and mklink to redirect the highest version folder. It needs administrative rights, but that bar is often met post-compromise, and many environments allow local admins on workstations. Tamper Protection helps in several areas; however, it does not fully prevent the creation of folders or symlinks beneath ProgramData\…\Platform, making the update mechanism a weak link. The service enumerates folders, chooses the lexicographically highest version, and updates its ImagePath and working directory, effectively trusting the directory structure rather than validating a real NTFS directory with expected ACLs and no reparse points. Once execution runs from an attacker-writable path, DLL search order, tool replacement, or even simple file deletion can blind or disable protection. The bigger lesson is that endpoint defenses often run with elevated privileges while depending on filesystem conventions that can be redirected, turning their own trust assumptions into an attack surface. Until Microsoft ships stricter symlink and path validation for the Platform folder and update flow, organizations should treat this as a real persistence and defense-evasion vector and monitor for it aggressively.
Docker-API malware pivots from cryptomining to modular persistence and botnet staging
Akamai’s honeypots detected a new Docker-API threat in August that builds on the June wave reported by Trend Micro, but it pushes much deeper into host control. Earlier campaigns targeted port 2375 on exposed daemons to spin up Alpine, bind-mount the host, fetch a Tor-hosted script, and install XMRig, while also planting an SSH backdoor with a cron keeper. The new strain still initiates unauthorized Docker remote calls, but immediately solidifies its foothold by adding an attacker's ECDSA key to /root/.ssh/authorized_keys and modifying sshd to permit root logins. It then denies access to competitors by cron-looping through iptables, nft, ufw, and other tools to block port 2375, preventing anyone else from reaching the API. Instead of a single-purpose miner, it pulls a compressed Go dropper and second-stage binaries over Tor, parses utmp to profile local users, and phones home to a hidden C2. The toolkit also ships with Masscan-based discovery for more exposed Docker endpoints and dormant modules for Telnet and Chrome DevTools on 9222, signaling plans for wider lateral movement and botnet growth. The behavior is consistent with an operator maturing from quick monetization to durable access and infrastructure expansion. Containers created in these runs display host bind mounts, along with Base64 or Tor-driven installers, and compromised hosts often exhibit new cron entries, root SSH enablement, and a sudden loss of Docker’s listening socket after firewall changes. Collected telemetry points to modular tasking, including wallet-free payloads, API enumeration, and credential or session harvesting that can be switched on later. Defenders should hunt for unexpected Docker API calls, new containers that mount / into paths like /hostroot, and network beacons to onion domains. Also watch for fresh rules closing 2375, odd bursts to 23 and 9222, and scheduled jobs that rewrite firewall settings each minute. Immediate priorities are to remove public exposure of the Docker API, enforce TLS and authentication, segment management networks, baseline and alert on bind mounts in new containers, and rotate or disable root SSH; if you cannot lock down Docker right away, place an external reverse proxy or firewall in front of it and block 2375 from the internet.
Malvertising Campaign Exploits GitHub Branding with GPUGate Evasion
A newly uncovered campaign is weaponizing paid Google search ads to deliver malware disguised as legitimate software downloads, with a particular focus on tools popular among IT and software development teams. Victims searching for GitHub Desktop are lured to links that appear authentic but are altered through embedded GitHub commits that redirect traffic to a fake domain (gitpage[.]app). This infrastructure delivers a 128 MB MSI installer filled with junk data to evade detection by online sandboxes, while also using a GPU-based decryption method called GPUGate. This technique keeps the payload encrypted on systems lacking proper GPU drivers, effectively bypassing analysis environments and ensuring that execution only occurs on real hardware. By combining large file sizes, hardware-dependent checks, and lookalike URLs, the operators have created a layered delivery chain that makes their malware extremely difficult to filter or analyze before it reaches its target. Once executed, the campaign’s payload chains through a Visual Basic Script and PowerShell sequence that runs with elevated privileges, adds exclusions in Microsoft Defender, and sets persistence through scheduled tasks. From there, secondary components are unpacked, including executables designed to steal information and deliver additional malware. Investigations have revealed that the attacker’s infrastructure is also utilized to distribute Atomic macOS Stealer (AMOS), confirming a cross-platform focus and expanding the potential victim pool beyond Windows. Comments within the PowerShell code suggest that the developers have proficiency in the Russian language, adding weight to attribution theories. Security experts warn this approach demonstrates how attackers are evolving malvertising into multi-layered intrusion campaigns, where seemingly harmless ads on trusted platforms can lead directly to credential theft, remote access, and long-term compromise. Users and enterprises should validate all downloads against verified sources and monitor for GPU-gated execution patterns to stay ahead of this emerging tactic.
