Hackers target Atomic and Exodus crypto wallets as supply chain risks grow


The "trojanization" of two popular crypto wallets allows cybercriminals to steal users' funds, security researchers have found, stressing that the scope of software supply chain risk is growing.

The ReversingLabs (RL) research team found a recently launched malicious campaign aimed at distributing malware via a fake library for converting PDF files to Microsoft Office documents. The "pdf-to-office" package was published to the npm package manager and, when executed, injected malicious code into the locally installed crypto wallets Atomic Wallet and Exodus, overwriting existing, non-malicious files in the process.

"Effectively, a victim who tried to send crypto funds to another wallet would have the intended destination address swapped out for one belonging to the malicious actor," RL explained. No estimates of the number of victims or their losses were given.


According to RL, this campaign is similar to those discovered in late March, when two simple downloaders with a malicious payload were identified.

Meanwhile, the most recent malicious package was published on April 1st before it was removed, possibly by the authors themselves. However, soon after, a new version of the same package was published.


RL also found that the threat actors focused on specific versions of Atomic Wallet that were installed on the computer, while in the case of Exodus, the two latest versions – 25.13.3 and 25.9.2 – were targeted.

The security researchers added that they've noticed attempts by the criminals to "cover their tracks and thwart incident-response efforts, or perhaps to simply exfiltrate even more information."

Moreover, the investigation found that even if the pdf-to-office package is removed from the computer, the software of both wallets would still be compromised and continue to send crypto assets to the thieves’ wallet. According to the researchers, in this case, the only way to protect your funds is to remove these wallets from your device and reinstall them.
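To check whether a project ever pulled in the package named above, directly or as a transitive dependency, its lockfile can be searched. The following is an added example, not code from RL or from the article; it assumes a parsed `package-lock.json` object, and the sample lockfiles, the `doc-tools` and `example-lib` names and the version strings are constructed.

```javascript
// Added example: locate a named package anywhere in a parsed package-lock.json.
// Covers lockfileVersion 2/3 (flat "packages" map keyed by install path) and
// lockfileVersion 1 (nested "dependencies" tree).
const TARGET = "pdf-to-office"; // package name reported in the article

function findPackage(lock, name) {
  const hits = [];
  // v2/v3: keys look like "node_modules/a/node_modules/b"; "" is the root project.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const installed = path.split("node_modules/").pop();
    if (installed === name) hits.push({ path, version: meta.version || null });
  }
  // v1: nested installs live under each entry's own "dependencies" object.
  const walk = (deps, prefix) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${dep}`;
      if (dep === name) hits.push({ path, version: meta.version || null });
      walk(meta.dependencies, `${path}/`);
    }
  };
  // v2 files repeat the tree for compatibility, so walk it only when "packages" is absent.
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfiles (not real project data).
const sampleV3 = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/doc-tools": { version: "2.1.0" },
    "node_modules/doc-tools/node_modules/pdf-to-office": { version: "0.0.0-constructed" },
  },
};
const sampleV1 = {
  lockfileVersion: 1,
  dependencies: {
    "doc-tools": {
      version: "2.1.0",
      dependencies: { "pdf-to-office": { version: "0.0.0-constructed" } },
    },
    "example-lib": { version: "1.3.0" },
  },
};

console.log(findPackage(sampleV3, TARGET));
console.log(findPackage(sampleV1, TARGET));
```

A hit only shows that the package was installed at some point; as the researchers note, the wallets themselves stay modified after the package is gone and need to be removed and reinstalled.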

RL has emphasized that the scope of software supply chain risks is growing for both software producers and end-user organizations.

"Nowhere is that more true than in the cryptocurrency industry, with attacks on cryptocurrency code, applications, and infrastructure a major theme in 2024 – and continuing in 2025," they said, adding that organizations need to improve their ability to monitor for software supply chain risks.
