Post Syndicated from corbet original https://lwn.net/Articles/1037167/

The Aikido blog describes
an apparently ongoing series of phishing attacks against npm package
maintainers, resulting in the uploading of compromised versions of heavily
used packages:

All together, these packages have more than 2 billion downloads per
week.

The packages were updated to contain a piece of code that would be
executed on the client of a website, which silently intercepts
crypto and web3 activity in the browser, manipulates wallet
interactions, and rewrites payment destinations so that funds and
approvals are redirected to attacker-controlled accounts without
any obvious signs to the user.