Kaspersky uncovers $500K crypto heist through malicious packages

Zawya, a day ago
Kaspersky GReAT (Global Research and Analysis Team) experts have discovered open-source packages that download the Quasar backdoor and a stealer designed to exfiltrate cryptocurrency. The malicious packages are intended for the Cursor AI development environment, which is based on Visual Studio Code — a tool used for AI-assisted coding.
The malicious open-source packages are extensions hosted in the Open VSX repository that claim to provide support for the Solidity programming language. However, in practice, they download and execute malicious code on users' devices.
During an incident response, a blockchain developer from Russia reached out to Kaspersky after installing one of these fake extensions on his computer, which allowed attackers to steal approximately $500,000 worth of crypto assets.
The threat actor behind these packages managed to deceive the developer by making the malicious package rank higher than the legitimate one. The attacker achieved this by artificially inflating the malicious package's downloads count to 54,000.
[Figure: Search results for the query 'solidity': the malicious extension (highlighted in red) and the legitimate one (highlighted in green).]
After installation, the victim gained no actual functionality from the extension. Instead, malicious ScreenConnect software was installed on the computer, granting threat actors remote access to the infected device. Using this access, they deployed the open-source Quasar backdoor along with a stealer that collects data from browsers, email clients, and crypto wallets. With these tools, the threat actors were able to obtain the developer's wallet seed phrases and subsequently steal cryptocurrency from the accounts.
After the malicious extension downloaded by the developer was discovered and removed from the repository, the threat actor republished it and artificially inflated its installation count to a higher number – 2 million, compared to 61,000 for the legitimate package. The extension was removed from the platform following a request from Kaspersky.
'Spotting compromised open-source packages with the naked eye is becoming increasingly difficult. Threat actors are using increasingly creative tactics to deceive potential victims, even developers who have a strong understanding of cybersecurity risks — particularly those working in the blockchain development field. As we expect adversaries to continue targeting developers, it is recommended that even experienced IT professionals deploy dedicated security solutions to safeguard sensitive data and prevent financial losses,' commented Georgy Kucherin, Security Researcher with Kaspersky's Global Research and Analysis Team.
The threat actor behind the attack published not only malicious Solidity extensions but also an NPM package, solsafe, which likewise downloads ScreenConnect. A few months earlier, three additional malicious Visual Studio Code extensions were released — solaibot, among-eth, and blankebesxstnion — all of which have since been removed from the repository.
To stay safe, Kaspersky recommends:
Use a solution that monitors the open-source components in use, so that threats hidden inside them can be detected.
If you suspect that a threat actor may have gained access to your company's infrastructure, we recommend using the Kaspersky Compromise Assessment service to uncover any past or ongoing attacks.
Verify package maintainers: check the credibility of the maintainer or organization behind the package. Look for consistent version history, documentation, and an active issue tracker.
Stay informed on emerging threats: subscribe to security bulletins and advisories related to the open-source ecosystem. The earlier you know about a threat, the faster you can respond.
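As an added example (not Kaspersky's code, nor anything from the Securelist report), the check below scores same-name extension candidates on the signals the recommendations above name: a verified publisher, an install rate that is plausible for the extension's age and release history, and a source repository to inspect. The field names are an assumption loosely modelled on the Open VSX registry JSON, and both records are constructed; the thresholds are illustrative.

```python
"""Defender-side triage of editor-extension metadata (added example).

Field names (namespace, name, verified, downloadCount, timestamp,
allVersions, repository) are loosely modelled on Open VSX registry JSON and
should be treated as an assumption. Both records are CONSTRUCTED.
"""
from datetime import datetime, timezone

# Constructed sample: an older, verified extension with a modest install
# count, and a fresh, unverified one whose install count is far larger
# than its age and release history can plausibly explain.
SAMPLE_EXTENSIONS = [
    {"namespace": "trusted-vendor", "name": "solidity", "verified": True,
     "downloadCount": 61_000, "timestamp": "2021-03-02T10:00:00Z",
     "allVersions": {"0.0.1": "", "0.0.2": "", "0.1.0": "", "0.2.0": ""},
     "repository": "https://example.invalid/trusted-vendor/solidity"},
    {"namespace": "fresh-publisher", "name": "solidity", "verified": False,
     "downloadCount": 2_000_000, "timestamp": "2025-06-20T10:00:00Z",
     "allVersions": {"0.0.1": ""}, "repository": None},
]

NOW = datetime(2025, 7, 10, tzinfo=timezone.utc)  # fixed clock: deterministic
MAX_PLAUSIBLE_INSTALLS_PER_DAY = 1_000              # illustrative thresholds,
FEW_RELEASES = 2                                    # not calibrated values


def age_days(ext, now=NOW):
    """Whole days since the record's first publication (at least 1)."""
    published = datetime.fromisoformat(ext["timestamp"].replace("Z", "+00:00"))
    return max((now - published).days, 1)


def triage(ext, now=NOW):
    """Return human-readable red flags; an empty list is 'nothing fired',
    not 'safe'. This is a ranking aid for a reviewer, not a verdict."""
    flags = []
    days = age_days(ext, now)
    releases = len(ext.get("allVersions") or {})
    per_day = ext["downloadCount"] / days
    if not ext.get("verified"):
        flags.append("publisher namespace is not verified")
    # A huge install rate on an extension with almost no release history is
    # what an artificially inflated download counter looks like.
    if per_day > MAX_PLAUSIBLE_INSTALLS_PER_DAY and releases <= FEW_RELEASES:
        flags.append(f"{per_day:,.0f} installs/day over {days} days "
                     f"with only {releases} release(s)")
    if not ext.get("repository"):
        flags.append("no source repository or issue tracker to inspect")
    return flags


def rank_by_trust(extensions, now=NOW):
    """Order same-name candidates by fewest red flags, then by age (older
    first), instead of by raw download count as a store search page does."""
    return sorted(extensions, key=lambda e: (len(triage(e, now)), -age_days(e, now)))
```

Run against live registry metadata, the same ranking would have placed the long-lived, verified 'solidity' extension above a freshly republished one regardless of how high its counter had been pushed.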
More information is available in a report on Securelist.com.
About Kaspersky
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky's deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect individuals, businesses, critical infrastructure, and governments around the globe. The company's comprehensive security portfolio includes leading digital life protection for personal devices, specialized security products and services for companies, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help millions of individuals and over 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.