A new set of four malicious packages have been discovered in the npm package registry with capabilities to steal cryptocurrency wallet credentials from Ethereum developers.”The packages masquerade as legitimate cryptographic utilities and Flashbots MEV infrastructure while secretly exfiltrating private keys and mnemonic seeds to a Telegram bot controlled by the threat actor,” Socket researcher
First seen on thehackernews.com
Jump to article: thehackernews.com/2025/09/malicious-npm-packages-impersonate.html
