Someone's poking the bear with infostealers targeting Russian crypto developers

Safety’s head of research Paul McCarty last week revealed his discovery of npm packages that he wrote “targeted the Solana cryptocurrency ecosystem and pretend to ‘scan’ for Solana SDK components.” The threat actor uses the handle “cryptohan”, which McCarty says is familiar in the crypto community, and used by “multiple people and multiple companies.” If anti-ransomware forces use a simple tactic like posting poisoned packages to the npm Registry to take out some players, that’s a win.

To read the complete article see: The Register