Researchers found a harmful Chrome extension called Crypto Copilot that secretly siphons Solana from users during transactions. It injects hidden fees into swaps on the Raydium exchange, transferring funds to an attacker's wallet without user knowledge. The extension remains available for download, despite its malicious behavior.

A coordinated effort has released over 67,000 fake npm packages since early 2024, aimed at flooding the registry rather than stealing data. The malicious packages use JavaScript scripts that require manual execution to propagate, creating a self-replicating network that burdens the platform. Researchers link this activity to a monetization scheme involving TEA tokens.

Researchers found that open source packages on npm and PyPI were infected with malware that stole wallet credentials from dYdX developers and users. The malicious code captured seed phrases and device fingerprints, leading to potential irreversible theft of cryptocurrency. The attack affected multiple versions of the compromised packages.

Researchers have uncovered two new Android malware families, FvncBot and SeedSnatcher. FvncBot targets banking users in Poland, using advanced techniques for data theft, while SeedSnatcher aims to steal cryptocurrency wallet seed phrases and intercept SMS for two-factor authentication.

A threat actor known as WhiteCobra has infiltrated the Visual Studio marketplace and Open VSX registry with 24 malicious extensions designed to steal cryptocurrency. The group uses deceptive tactics to make these extensions appear legitimate, leading to significant financial losses, including a recent incident involving a core Ethereum developer. Researchers emphasize the need for improved verification processes to protect users from such sophisticated attacks.

Two malicious Rust packages, faster_log and async_println, were downloaded nearly 8,500 times from Crates.io and designed to steal cryptocurrency private keys by scanning developers' systems for sensitive information. Discovered by security researchers at Socket, the packages were removed and their publishers banned, urging affected developers to clean their systems and secure their digital assets.

Researchers from Safety have discovered infostealer malware targeting Russian cryptocurrency developers through npm packages designed to appear legitimate. These malicious packages, which aim to extract sensitive information such as cryptocurrency credentials, are linked to servers in the USA, raising suspicions of state-sponsored activity against Russia's ransomware operators. Developers in the Solana ecosystem are advised to secure their software supply chains to mitigate these threats.

Threat actors have exploited SourceForge to distribute fake Microsoft Office add-ins that install malware, including cryptocurrency miners and clipboard hijackers, on victims' computers. Over 4,600 systems, primarily in Russia, have been affected by this campaign, which involved deceptive project pages mimicking legitimate tools. Users are advised to download software only from trusted sources and verify files before execution.

Fake cryptocurrency exchange advertisements on Facebook have been spreading malware, posing significant risks to unsuspecting users. These malicious ads are designed to deceive individuals into downloading harmful software, leading to potential data breaches and financial losses. Users are urged to remain vigilant and report suspicious ads to protect themselves from such threats.