A new software supply chain attack has been discovered in the npm registry targeting users of popular cryptocurrency wallets like Atomic Wallet and Exodus.
The attack involves a malicious npm package called pdf-to-office that overrides cryptocurrency wallet addresses during fund transfers, redirecting funds to the attacker's wallet.
Uninstalling the malicious package does not remove the infection from the wallet software, necessitating complete deletion of the wallet before installing new versions.
These attacks highlight the growing tendency of cybercriminals to target open-source platforms and the need for continuous vigilance and maintenance to keep software protected.
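A dependency check for the package named above, as an added example (not code from the original report): it searches a parsed package-lock.json for pdf-to-office in both the flat "packages" layout (lockfileVersion 2 and 3) and the nested "dependencies" layout (lockfileVersion 1), including transitive installs. The sample lockfiles, the doc-tools and @acme names, and the version strings are constructed for illustration.

```javascript
// Added example: locate a named package in an npm lockfile (v1, v2 and v3 layouts).
const TARGET = 'pdf-to-office'; // package name reported on this page

// Returns [{ path, version }] for every place `name` is installed.
function findPackage(lock, name = TARGET) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path,
  // e.g. "node_modules/a/node_modules/b". The last segment is the package.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const installed = path.split('node_modules/').pop();
    if (installed === name || (meta && meta.name === name)) {
      hits.push({ path, version: (meta && meta.version) || 'unknown' });
    }
  }
  if (hits.length > 0) return hits; // v2 files mirror the same tree under "dependencies"
  // lockfileVersion 1: nested "dependencies" tree, walked recursively.
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const here = trail.concat(dep);
      if (dep === name) hits.push({ path: here.join(' > '), version: meta.version || 'unknown' });
      walk(meta.dependencies, here);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfiles (not taken from a real project).
const sampleV3 = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/left-pad': { version: '1.3.0' },
    'node_modules/doc-tools/node_modules/pdf-to-office': { version: '0.0.0-constructed' },
    'node_modules/@acme/pdf-to-office': { version: '2.0.0' }, // scoped name, a different package
  },
};
const sampleV1 = {
  lockfileVersion: 1,
  dependencies: {
    'doc-tools': { version: '1.0.0', dependencies: { 'pdf-to-office': { version: '0.0.0-constructed' } } },
  },
};

// Print every location where the target package is installed.
for (const lock of [sampleV3, sampleV1]) {
  for (const h of findPackage(lock)) console.log(`FOUND ${TARGET}@${h.version} at ${h.path}`);
}
```

A hit shows the package reached the machine through the dependency tree; because uninstalling the package does not clean the wallet software, a clean lockfile on its own does not show that an installed wallet is unmodified.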