BTC $62,196.74 -3.07%
ETH $1,772.33 -2.56%
BNB $565.69 -2.29%
XRP $1.06 -3.06%
SOL $75.13 -3.09%
TRX $0.3256 -1.67%
DOGE $0.0717 -2.37%
ADA $0.1579 -3.81%
BCH $235.83 -4.40%
LINK $7.89 -2.10%
HYPE $63.43 -6.80%
AAVE $94.62 -3.81%
SUI $0.7207 -2.78%
XLM $0.1816 -4.22%
ZEC $502.83 -6.47%
BTC $62,196.74 -3.07%
ETH $1,772.33 -2.56%
BNB $565.69 -2.29%
XRP $1.06 -3.06%
SOL $75.13 -3.09%
TRX $0.3256 -1.67%
DOGE $0.0717 -2.37%
ADA $0.1579 -3.81%
BCH $235.83 -4.40%
LINK $7.89 -2.10%
HYPE $63.43 -6.80%
AAVE $94.62 -3.81%
SUI $0.7207 -2.78%
XLM $0.1816 -4.22%
ZEC $502.83 -6.47%

针对 NPM 供应链的攻击事件再次发生

2025-09-16 09:31:56
收藏

ChainCatcher 消息,Scam Sniffer 监测到又一起针对 NPM 供应链的攻击事件,@ctrl/tinycolor(每周下载量达 220 万次)发布了恶意版本,该版本会在 npm 执行 postinstall(安装后)脚本时运行信息窃取程序,以扫描并窃取敏感数据。

此恶意载荷滥用了合法的敏感信息扫描工具 TruffleHog。请检查是否下载了受影响的版本,暂停安装/更新操作,并将版本固定为已知安全的版本。

app_icon
ChainCatcher 与创新者共建Web3世界