The popular JavaScript library hackers to inject malicious code to steal bitcoin wallet Copay

Although last week has found the existence of malicious code, but until today, security experts to get this serious confusion of malicious code, understand its true intent is what. Hackers use malicious code to obtain the (legal) to access the popular JavaScript library, steal bitcoin and bitcoin cash from BitPay Copay wallet application by injecting malicious code.

This malicious program can load JavaScrip library called Event-Stream, very popular with developers welcome, in the repository on a week more than 2 million downloads. But three months ago, due to the lack of time and interest of the original author will develop and maintenance work to another programmer Right9ctrl. Event-Stream is a Node.js for processing data stream JavaScript NPM package.

According to user feedback, Twitter GitHub and Hacker News, the malicious program in a dormant state by default, but when Copay is started (paid by bitcoin desktop and mobile client wallet application platform BitPay Development) will automatically activate. It will steal user information including private key, wallet, and will send it to the 8080 port

During the period of September to November has confirmed that all versions of Copay wallet are considered to have been infected. Earlier today, BitPay team released Copay v5.2.2, Event-Stream and Flatmap-Stream dependency has been deleted. The malicious Event-Stream v3.3.6 has also been removed from the, but the Event-Stream library is still available. This is because Right9ctrl tried to remove his malicious code, released the follow-up version does not contain any malicious code Event-Stream.

Recommend the use of the two base project maintenance personnel will depend on its tree update for the latest available version of the –Event-Stream version of 4.0.1. This link contains a list of all 3900+ JavaScript NPM software package, which Event-Stream as a direct or indirect dependency load.

Leave a Reply

Your email address will not be published. Required fields are marked *