Malicious code in defi-tools-39 (npm)

Crypto/SSH/wallet stealer, blockchain-helper-0 campaign sibling c960+, byte-identical to swap-sdk-87. postinstall auto-execs, src/index.js harvests /.ssh keys + Sol/Eth/BTC/Tron/Sui/Aptos wallets + .env + seeds, self-labels "CRYPTO STEALER", exfils to SAME Telegram bot 8227918239 chat 6433587894...

No need to RSVP: a closer look at the Tria stealer campaign

Introduction Since mid-2024, we've observed a malicious Android campaign leveraging wedding invitations as a lure to social-engineer victims into installing a malicious Android app APK, which we have named "Tria Stealer" after unique strings found in campaign samples. The primary targets of the...