Solana’s popular web3.js library backdoored in supply chain compromise

A software supply chain attack has led to the publication of malicious versions of Solana’s web3.js library on the npm registry. Just like the recent Lottie Player supply chain compromise, this attack was reportedly made possible by compromised (phished) npm.js account credentials. What happened? “Earlier today, a publish-access account was compromised for @solana/web3.js, a JavaScript library that is commonly used by Solana [decentralized apps]. This allowed an attacker to publish unauthorized and malicious packages …

The post Solana’s popular web3.js library backdoored in supply chain compromise appeared first on Help Net Security.
