Malicious code in myetherwallet (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e1ebe41d8281d3da01faeeac01392bd08f24ca8a9856ff67853181b7d0abf377 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-4760 Malicious code in myetherwallet (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e1ebe41d8281d3da01faeeac01392bd08f24ca8a9856ff67853181b7d0abf377 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in myetherwallet-kb-v5 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ae04121a4bec3299bbbc3f8d81cac34db0035ffef4fd20cb6361f9e857b86aad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in myetherwallet-kb (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d136e97ade86a6efd4c28cc57377c77797a5fe535866a90d820f73d868e9607a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-4761 Malicious code in myetherwallet-kb (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d136e97ade86a6efd4c28cc57377c77797a5fe535866a90d820f73d868e9607a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-4762 Malicious code in myetherwallet-kb-v5 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ae04121a4bec3299bbbc3f8d81cac34db0035ffef4fd20cb6361f9e857b86aad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MyEtherWallet: PIN bypass

Summary: MEW apk has improper rate limit. When we try to brute force the PIN, we are rate limited for 5 minutes after 5 or 6 attempt. In my testing I found that it was checking the device's local time so by changing it we can brute force the PIN. Steps To Reproduce: 1.Install MEW app from play...

Sifchain: Private KEY of crypto wallet

Summary: Hello, I'm writing in order to inform you that in your source code is stored the Private key of your crypto wallet that contains some money, as EOS, FNDR, and more. Your wallet address is this: 0x627306090abaB3A6e1400e9345bC60c78a8BEf57 Steps To Reproduce: The key is stored in "those...

49 New Google Chrome Extensions Caught Hijacking Cryptocurrency Wallets

Google has ousted 49 Chrome browser extensions from its Web Store that masqueraded as cryptocurrency wallets but contained malicious code to siphon off sensitive information and empty the digital currencies. The 49 browser add-ons, potentially the work of Russian threat actors, were identified fi...

49 New Google Chrome Extensions Caught Hijacking Cryptocurrency Wallets

Google has ousted 49 Chrome browser extensions from its Web Store that masqueraded as cryptocurrency wallets but contained malicious code to siphon off sensitive information and empty the digital currencies. The 49 browser add-ons, potentially the work of Russian threat actors, were identified fi...

MyEtherWallet: Local Storage Custom Node Credentials Leak

Summary Credentials for a custom node are stored in plain text inside Local Storage on the user's machine. If this node is configured in a certain way this could lead to the theft of any funds in accounts attached to this node, by a local attacker. And if not configured this way, an attacker coul...

MyEtherWallet: Malicious Node JavaScript Injection Leading to Theft of Private Keys and User Funds

Summary This vulnerability allows injection of arbitrary JavaScript code by the node that the MyEtherWallet user is connected to. This could be one of the default nodes e.g api.myetherwallet.com, or a custom node. With this code injection, the private key can be stolen if Keystore File or Private...

New Mac Malware Targets Cookies to Steal From Cryptocurrency Wallets

Mac users need to beware of a newly discovered piece of malware that steals their web browser cookies and credentials in an attempt to withdraw funds from their cryptocurrency exchange accounts. Dubbed CookieMiner due to its capability of stealing cookies-related to cryptocurrency exchanges, the...

Mac "CookieMiner" Malware Aims to Gobble Crypto Funds

A newly-discovered malware is targeting Mac users’ web cookies and credentials in hopes of withdrawing funds on their cryptocurrency exchange accounts. The malware, discovered this month and aptly named “CookieMiner,” collects cryptocurrency-related cookies – in addition to compromised credential...

BGP Route Hijacking

Yes, we can minimize the BGP Hijacking Risk Every day we see something new about the global security threat. It is hard to keep track of all the various ways your network can be attacked. But there are some threat-vectors which need particular attention. "Did you know that a threat-actor with 20...

MyEtherWallet: Development configuration file https://myetherwallet.com/

Vulnerability description A configuration file e.g. Vagrantfile, Gemfile, Rakefile, ... was found in this directory. This file may expose sensitive information that could help a malicious user to prepare more advanced attacks. It's recommended to remove or restrict access to this type of files fr...

Hola VPN’s Chrome extension hacked to target MyEtherWallet users

By Waqas Although the decentralized approach to handling cryptocurrency wallets has been This is a post from HackRead.com Read the original post: Hola VPN's Chrome extension hacked to target MyEtherWallet users...