Decrypting the Ledger connect-kit compromise: A deep dive into the crypto drainer attack
2023-12-15 04:2:44 Author: securityboulevard.com(查看原文) 阅读量:5 收藏

Decrypting the Ledger connect-kit compromise: A deep dive into the crypto drainer attack

Earlier today, Ledger, a maker of hardware wallets for storing crypto, announced that they had identified malicious software embedded in one of their open source packages called @ledgerhq/connect-kit. This package is widely used as a connector between distributed blockchain applications and crypto wallets that back them up. This analysis delves into the specifics of the versions 1.1.5 to 1.1.7 compromise, cataloged in our data under sonatype-2023-4890.

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Ilkka Turunen. Read the original post at: https://blog.sonatype.com/decrypting-the-ledger-connect-kit-compromise-a-deep-dive-into-the-crypto-drainer-attack


文章来源: https://securityboulevard.com/2023/12/decrypting-the-ledger-connect-kit-compromise-a-deep-dive-into-the-crypto-drainer-attack/
如有侵权请联系:admin#unsafe.sh